Edge SWG License Update Fails
search cancel

Edge SWG License Update Fails

book

Article ID: 435536

calendar_today

Updated On:

Products

ISG Proxy

Issue/Introduction

The following symptoms were noticed:

  • Edge SWG or Advanced Secure Gateway (ASG) fail to update its license, even though a valid entitlement exists.
  • Metric "Base License Expiration" is in critical state.
  • Metric "SSL Proxy License Expiration" is in critical state.

Environment

Edge SWG

ASG

Cause

Broadcom licensing and subscription servers (such as validation.es.bluecoat.com) require TLS 1.2 or higher for secure communication.

Checking the SSL configuration (Configuration > SSL > Device Profiles > default) will show that the TLS version is too low.

This can also be noticed from the pcap taken on proxy while reproducing license retrieval:

Resolution

Enable TLS 1.2 and TLS 1.3:

  1. In the Edge SWG console navigate to Configuration > SSL > Device Profiles
  2. Click on "default" profile name
  3. Ensure that both "TLS 1.2" and "TLS 1.3" are checked/enabled in the supported versions list.
  4. Click Apply to save changes
Powered by Wolken Software