The ProxySG appliance reports a 401 Unauthorized error when switching the Data Source to Intelligence Services and trying to download the database, despite the fact that the appliance has a valid subscription for Symantec Intelligence Services.

The most common cause of this issue is not associating the Symantec Intelligence Services Subscription Service to the ProxySG Serial number in the licensing portal before attempting to switch the service on the appliance.

Browse to the licensing portal:
https://support.symantec.com > Hover over Licensing > Click Network Protection Licensing

Once logged in:

1. Click the "ProxySG" link in the Left panel (For Advanced Secure Gateway (ASG) click the "Advanced Secure Gateway" Link in the left panel)
2. Click on "Software Add-On Activation" link
3. Enter ProxySG Serial Number you are linking the Symantec Intelligence Services Subscription to
4. Enter the Activation Code (Password) for the Symantec Intelligence Services Subscription (Contact Customer Care if you need this code again)
5. Click Submit

Once the Symantec Intelligence Services Subscription is attached to the ProxySG Serial Number in the Licensing Portal, the licensing on the ProxySG will need to be retrieved again for it to get updated with the new Symantec Intelligence Services subscription details.

Manually downloading the license will update items in the View section of licensing, however it will not update the items that are shown in the Subscription section of licensing.  This section is where Intelligence Services components will be listed.  Since this section is not contained in the license file, it requires a live connection to the subscription service.  This can be confirmed by an affirmative response when Update or Retrieve is clicked.

Items to consider if there is communication failure are DNS settings, unintentional forward hosts, possible certificate trust issues if a forward host intercepts this connection.  Mutual authentication is required and will be lost in any type of SSL interception that takes place between this service and the host.