Cloud SWG environment managed using Management Center.

Users accessing Cloud SWG using WSS Agent.

A subset of user reported problem accessing a backend server that was identified as a HTTP/2 related issue. Since the back end Application did not support HTTP/2, the Administrator wanted to disable the HTTP/2 protocol for the domain using the following CPL:

#if enforcement=wss
<proxy>
  client.connection.ssl_server_name.substring=http2.domain.com http2.client.accept(no) http2.server.request(no)
#endif

When pushing the policy out to the Cloud SWG device, the Management Center reported an error that the new CPL code above failed to get applied.

Management Center 2.x running.

Proxy reference server running on SGOS 6.7.5.13

HTTP/2 CPL options are only available to SGOS7x Proxy servers, and not SGOS6x servers that the reference server was running.

Upgrade reference server used by Management Center to SGOS7x.

As a workaround until this task is completed, you can do an SSL interception bypass for the domain.