Proxy getting health status critical after the upgrade to 7.x due to the malware scanning feature in 6.x.
Article ID: 235996
Updated On:
Products
Issue/Introduction
The proxy health status turned to "Critical" after an upgrade from 6.7 to 7.x.
The health status is related to the malware scanning. This error will show up if 'Malware Scanning' feature was enabled in 6.7.x.
Message: "Launch VPM to upgrade to Content Security Policy"
Environment
Content Security Policy is part of Policy Services, which allows you to scan traffic based on current content scanning recommendations and
set failover and security options for the ICAP service.
In previous versions of SGOS, you could configure the appliance to work with an external content scanning service—
either Symantec Content Analysis or another ICAP service—to implement a built-in Malware Scanning policy. Starting
with SGOS 7.x, that functionality is replaced by the Content Security Policy.
Like the previous Malware Scanning solution, in which the built-in policy was not available for editing, Content Security
Policy cannot be modified directly. Similar to the previous solution, you can create rules to supplement or override the global default.
Cause
This is an expected behavior because in version 7.x the malware scanning feature has been replaced with the Content Security policy.
Resolution
The Content Security need to applied under the Web Visual Policy Manager.
Below are the steps to configure the Content Security Layer or policy.
1. Go to Configuration > Policy > Visual Policy Manager and then click on the
2. On the Web VPM, click on the "Launch VPM" button. I will open the Web VPM.
3. Then click on "Add Layer" > Click on Content Security Layer > Configure the Content Security Layer by adding the ICAP server that you had configured on your appliance like in the screen shots below.
Feedback
