search cancel

Cannot apply HTTP/2 CPL to Cloud SWG tenant via Management Center

book

Article ID: 255304

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Cloud SWG environment managed using Management Center.

Users accessing Cloud SWG using WSS Agent.

A subset of user reported problem accessing a backend server that was identified as a HTTP/2 related issue. Since the back end Application did not support HTTP/2, the Administrator wanted to disable the HTTP/2 protocol for the domain using the following CPL:

#if enforcement=wss
<proxy>
client.connection.ssl_server_name.substring=http2.domain.com http2.client.accept(no) http2.server.request(no)
#endif

When pushing the policy out to the Cloud SWG device, the Management Center reported an error that the new CPL code above failed to get applied.

Environment

Management Center 2.x running.

Proxy reference server running on SGOS 6.7.5.13

Cause

HTTP/2 CPL options are only available to SGOS7x Proxy servers, and not SGOS6x servers that the reference server was running.

Resolution

Upgrade reference server used by Management Center to SGOS7x.

As a workaround until this task is completed, you can do an SSL interception bypass for the domain.