When pushing Universal Policy Enforcement (UPE) Policy from Management Center (MC) using on premise ProxySG/Edge SWG running version SGOS 7.3.11.1, the policy does not compile returning warnings and errors.

The complete error message seen:

9 warnings and 6 errors
Threat Isolation is entitled (restricted) but no ExemptCriteria exist. Threat Isolation will not be performed.
Exception name is not recognized as a built-in name, and will not be referenceable: 'isolation_service_error' tenant:1430: end
Exception name is not recognized as a built-in name, and will not be referenceable: 'isolation_service_config_error' tenant:1430: end
Exception name is not recognized as a built-in name, and will not be referenceable: 'http_stream_error' tenant:1430: end
Exception name is not recognized as a built-in name, and will not be referenceable: 'spoof_authentication_error' tenant:1430: end
Exception name is not recognized as a built-in name, and will not be referenceable: 'spoof_authentication_error' tenant:1430: end
network interface label not currently configured: 'interconnect' central:5684:     action.set_dedicated_egress_headers(yes) reflect_ip(interface.interconnect)
network interface label not currently configured: 'interconnect' central:5696:     action.set_dedicated_egress_connect_headers(yes) reflect_ip(interface.interconnect)
9 warnings and 6 errors
Error(s) encountered while creating exception facilities tenant:1430: end
Unrecognized field identifier: 'http.server.stream_error' tenant:1430: end
Unrecognized field identifier: 'http.server.stream_error_code' tenant:1430: end

Hybrid cloud environment managing policy with on premise ProxySG for UPE.

New exceptions in SGOS 7.3.11.1 are not defined in WSS yet.

Until this issue is addressed in the WSS/Cloud SWG environment, use a Proxy running SGOS 7.3.10.1 or earlier release. This KB article will be updated when the issue is resolved.