Several EC2 AWS servers run Symantec Protection Engine for Cloud Services v8.2. When attempting to have them monitored/managed by Symantec Protection Engine Cloud Console, the SPEs fail to become enrolled by the Central Console.
Release : 8.2.1
Component : Default-Sym
The CAF Agent component is not able to reach the central console for networking reasons.
When networking issues are the cause, log entries similar to the following occur in the cafagent.log file:
2022-01-04 15:03:08 | cafservice.CAFEnrollManager | Error | 7772 : 8172 : caf::CAFEnrollManager::EnrollDevice::<lambda_34efe32933640acb3170bde95bdc2a28>::operator ():122 | Enrollment with server failed.
2022-01-04 15:03:09 | cafservice.CAFEnrollManager | Error | 7772 : 8172 : caf::CAFEnrollManager::EnrollDevice::<lambda_34efe32933640acb3170bde95bdc2a28>::operator ():123 | The error code is:20
2022-01-04 15:03:09 | cafservice.CAFEnrollManager | Error | 7772 : 8172 : caf::CAFEnrollManager::EnrollDevice::<lambda_34efe32933640acb3170bde95bdc2a28>::operator ():124 | Error message: HttpTransportNetworkError
2022-01-04 15:03:09 | cafservice.CAFEnrollManager | Error | 7772 : 8172 : caf::CAFEnrollManager::EnrollDevice::<lambda_34efe32933640acb3170bde95bdc2a28>::operator ():125 | Error details: {"0":{"0":"ProxyModeDefault (8)","1":"EpmpClientErrorCodes: HttpTransportNetworkError (20)","2":{"0":"windows","1":87,"2":"The parameter is incorrect.\r\n"}},"1":{"0":"ProxyModeDefault (8)","1":"EpmpClientErrorCodes: HttpTransportNetworkError (20)","2":{"0":"windows","1":87,"2":"The parameter is incorrect.\r\n"}},"2":{"0":"ProxyModeDefault (8)","1":"EpmpClientErrorCodes: HttpTransportNetworkError (20)","2":{"0":"windows","1":87,"2":"The parameter is incorrect.\r\n"}},"3":{"0":"ProxyModeDefault (8)","1":"EpmpClientErrorCodes: HttpTransportNetworkError (20)","2":{"0":"windows","1":87,"2":"The parameter is incorrect.\r\n"}},"4":{"0":"ProxyModeDefault (8)","1":"EpmpClientErrorCodes: HttpTransportNetworkError (20)","2":{"0":"windows","1":87,"2":"The parameter is incorrect.\r\n"}},"5":{"0":"ProxyModeDisabled (16)","1":"EpmpClientErrorCodes: HttpTransportNetworkError (20)","2":{"0":"windows","1":87,"2":"The parameter is incorrect.\r\n"}},"6":{"0":"ProxyModeAutoDetect (2)","1":"EpmpClientErrorCodes: HttpTransportNetworkError (20)","2":{"0":"windows","1":87,"2":"The parameter is incorrect.\r\n"}}}
2022-01-04 15:03:09 | cafservice.CAFEnrollManager | Error | 7772 : 8172 : caf::CAFEnrollManager::EnrollDevice::<lambda_34efe32933640acb3170bde95bdc2a28>::operator ():157 | HTTP Transport error caused by some network problem, error message:HttpTransportNetworkError
Resolved by upgrade to SPE 8.2.2.
This issue can also occur as the result web filtering in the firewall which may cause the connection to not fully establish a connection on port 443. As the firewall admin to verify what is being filtered out in the firewall configuration, specifically web access going to port 443.
Broadcom also hides its original IP address to scwp.securitycloud.symantec.com which some firewall admins don't like because they prefer to configure the firewall with specific addresses to trust or not filter out rather than a raw URL or FQDN.