You have recently migrated or installed the Symantec Messaging Gateway(SMG) or updated to a software release lower than 9.0, but you cannot see the Symantec Threatcon applet on the Dashboard page.
- In BrightmailLog.log, the following error may appear:
ERROR - Cannot retrieve the Symantec DeepSight ThreatCon file...
The Control Center appliance cannot resolve securityresponse.symantec.com in the DNS or cannot connect to http://securityresponse.symantec.com
The proxy settings configured in the Control Center are not accurate (If you are running SMG version 9.0 or later)
NOTE: All releases prior to 9.0 required a direct connection from the Control Center to the Internet to retrieve the ThreatCon status, if you are running an older release, Symantec recommends upgrading to the latest version available where you can also leverage the proxy configuration to retrieve the ThreatCon status.
For versions prior to 9.0:
Confirm that the Control Center can resolve the DNS name securityresponse.symantec.com
1. Log into the Control Center as an administrator
2. Select Administration->Utilities
3. Select the control center appliance in the pulldown list
4. Enter securityresponse.symantec.com in the host name field and record type A
5. Click "Run"
- Check your network security and firewall policies to ensure that the Control Center appliance is allowed to establish an outbound TCP connection to port 80. The Control Center web application currently does not use the rule update proxy settings from Administration->Configuration->Host->Proxy when updating the ThreatCon data and requires a direct connection to http://securityresponse.symantec.com.
- If you have confirmed that the Control Center can connect on port 80 to securityresponse.symantec.com, then you may need to force it to retrieve the ThreatCon data. You can do this by restarting the Control Center service:
1. Log into the Control Center's command line either via SSH or a local session, using the "admin" login
2. Run the command "service controlcenter restart"
3. Once the service has restarted, log into the web interface and check the ThreatCon information.
For versions 9.0 and later:
If you have configured a proxy server on the Control Center, the following will be logged in the BrightmailLog.log if you are having issues with proxy address, port or credentials:
A) If the proxy server needs a credential (user/password), but they are not provided, you will see IOException (Server will return HTTP response code: 407 for the URL)
B) If the proxy server needs credential (user/password), but you provided the wrong information, you will see ProtocolException (Server redirected too many times (20))
C) If the proxy server has the wrong address or port settings, the connection will timeout and you will see Exception (ConnectException: connection timed out) or (SocketTimeoutException: connect timed out).
- Symantec Messaging Gateway 9.0 or lower