Getting 502 status code when navigating SG/ASG using SG Admin Console (SGAC).
search cancel

Getting 502 status code when navigating SG/ASG using SG Admin Console (SGAC).

book

Article ID: 203521

calendar_today

Updated On:

Products

Management Center Symantec Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

You are seeing 502 Status Code when navigating ProxySG or ASG using SGAC

Sample Screenshots

 

Environment

SGAC (SG Admin Console)

Management Center

ProxySG

ASG

Cause

Management Center's ssl-context was change to validate the management devices' HTTPS-Console certificate (e.g Device-Communication ssl-context was modified from "Global Default" to "Default")

Manage device (e.g. SG or ASG) is  presenting a certificate (self signed or signed)  that Management Center unable to verify.

 An MITM (man-in-the-middle) that intercepts SSL/TLS on port 8082 

Resolution

 

On Management Center, Import Root and/or Intermediate CA-Certificate that signed the  SG/ASG's certificate.  These must be added as well to "Browser-Trusted" CCL 

 

If you don't intend to verify Manage Devices Certificate, set the  SSL-Context back to "Global Default"

 

IF none of the above applies to you, check your network for potential MITM that may intercept 8082 between Management Center and SG/ASG

Additional Information

When using SGAC, Management Center has the potential to use both ssl-console (port 22)  and https-console (port 8082) to communicate with ProxySG or ASG