You can host the trust package file on Management Center (MC) if you have an Edge SWG (formerly ProxySG) device in a closed network or if it is having issues downloading the trust package directly such as:
The trust package must be available by HTTP not HTTPS. Enable HTTP on the MC appliance temporarily to host the trust package then disable it when completed.
These changes are required because the Edge SWG utilizes HTTP URLs for the trust package. In the example below, we chose port 8080 for the Edge SWG to communicate with MC to download the Trust Package.
The steps involved are:
By default HTTP is disabled on MC:
Enable HTTP on MC:
Add the file on MC:
Get the hosted URL for the trust package by using the "Copy the URL" button on MC:
Add the copied URL from MC to the trust package URL on the Edge SWG appliance:
Download the trust package on the Edge SWG appliance and load the trust package:
The Edge SWG appliance will show the messages above for a successful download from MC.
If there is a more recent trust package on the device the Edge SWG will not download the package. This is not a problem.
After hosting the trust package, disable HTTP on MC (if it was previously disabled) by executing the following commands via CLI:
> en
# configure terminal
(config) # security HTTP disable