Cannot enable SSL Interception for Universal or WSS enforcement
Last Updated April 13, 2018
You are trying to enable SSL Interception (on the Visual Policy Manager, also known as VPM, on the SSL Interception layer) with the Web Security Service (for policies applied only to Web Security Service) or Universal (policies applied to both Appliance and WSS) enforcement, but you are receiving an error. It only seems to work from Appliance enforcement.
Management Center, Web Security Service, and Proxy SG with SGOS 184.108.40.206
"The detect_protocol property is enabled on most of the WSS services. Please ensure that WSS service configuration matches your policy expectations". (The SSL Intercept. an action is shown in red)."
Close the VPM editor (if opened), and open an SSH session to your Reference ProxySG.
Type "en" (without quotations) to enter the Enabled mode.
Type "load policy classification" (without quotations), and wait for the Proxy to update, as shown below:
Finish the SSH session, and re-open the VPM editor.
Write the SSL Interception rule on the SSL Interception layer again. (Example: Any-Any, Action: SSL Interception enabled, Enforcement: WSS).
You should be able to save the policy now. Proceed to apply it to the corresponding targets.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe