search cancel

Cannot apply HTTP/2 CPL to Cloud SWG tenant via Management Center


Article ID: 255304


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Cloud SWG environment managed using Management Center.

Users accessing Cloud SWG using WSS Agent.

A subset of user reported problem accessing a backend server that was identified as a HTTP/2 related issue. Since the back end Application did not support HTTP/2, the Administrator wanted to disable the HTTP/2 protocol for the domain using the following CPL:

#if enforcement=wss
<proxy> http2.client.accept(no) http2.server.request(no)

When pushing the policy out to the Cloud SWG device, the Management Center reported an error that the new CPL code above failed to get applied.


Management Center 2.x running.

Proxy reference server running on SGOS


HTTP/2 CPL options are only available to SGOS7x Proxy servers, and not SGOS6x servers that the reference server was running.


Upgrade reference server used by Management Center to SGOS7x.

As a workaround until this task is completed, you can do an SSL interception bypass for the domain.