Having investigated the reported "connect ECONNREFUSED 127.0.0.1:8445" error message, this points to a request made to a localhost on port 8445, a port not utilized by the ISG web management interface, by design. For the required connection to the Web Management Interface of the ISG, please refer to the snippet below.

So, we recommend that the customer review the configuration of the ISG and the integrated applications, to validate the correctness of the port configuration. Also, see the reference Tech. docs. with URLs below.

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/integrated-secure-gateway/2-3/About-ISG/initial_config_steps.html

The second reason why both the CLI and the Web Management Interface wouldn't be accessible would be because the ISG application isn't fully started and initialized. In this case, utilizing the start/stop application sub-commands would always be required. 

Note: The Content Analysis applications require a minimum of five minutes to start. Please refer to page 23 in the ISG 2.4 admin/CLI guide with URL below.

https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/integrated-secure-gateway/generated-pdfs/2-4-isg-help.pdf

So, to prevent the recurrence of the reported issue(s), we have asked the customer to ensure the ISG application(s) is/are fully started and initialized and ensure to have the correct port numbers referenced, in the configurations, and during the connections. 

Additional resource: https://knowledge.broadcom.com/external/article/221083/required-ports-protocols-and-services-fo.html