User policy conditions don’t match after upgrade to 188.8.131.52 when using Web VPM
Last Updated February 06, 2019
Advanced Secure Gateway (ASG) version 184.108.40.206, ProxySG version 220.127.116.11, and Reverse Proxy (RP) version 18.104.22.168 have been removed from general availability on the customer download site but is available upon request in Limited Availability (LA). SGOS Release 22.214.171.124 contained an issue in the Web Visual Policy Manager (Web VPM) that could result in changes to the installed policy with no warning displayed.
The new Web VPM should NOT be used in ASG/SG/RP 126.96.36.199. If it has already been used, Symantec recommends that proxy administrators verify their existing policy and then download ASG/SG/RP version 188.8.131.52 which contains a fix for this issue.
In SGOS 184.108.40.206, a defect in the code causes a problem where user objects created or reinstalled using the Web VPM get changed to group objects. This causes the rule referencing such objects to not match during evaluation. For example, a rule referencing such an object that is configured to deny access to a web site will allow access after using the Web VPM. This issue is identified as bug SG-8612.
Bug SG-8612 has been resolved.
Upgrading to SG/ASG/RP 220.127.116.11 will fix the issue by correcting the erroneous policy.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe