SWG 10.x.x Known Issues and Workaround

Last updated
Save as PDF

Known Issues and Workaround

For a list of issues that are currently known, see the table below.


SWG 10.2.15	SWG 10.2.14	Issue: 10.2.14 uses an updated version of Tomcat. This new version of Tomcat causes SWG to suffer an incompatibility with the authentication method "client certificate authentication." This authentication method is only available when using the SWG UI as a Java Applet (logging in via the browser login page). Detailed information about client certificate authentication can be found on the SWG documentation page. NOTE: Most current browsers don't support Java Applets. The most notable browser still supporting them is the old Internet Explorer 11, but this is now End of Life. You see the following entries, present in the log file /opt/mwg/log/mwg-errors/mwg-ui.errors.log: [ERROR] Cannot determine if client certificate is enabled due to implementation changes in Tomcat: java.lang.NoSuchFieldException: endpoint
SWG 10.2.2	SWG 10.2.1	Reference number- WP-4043 Issue: You can't log in to the SWG GUI by using any external managed admin account. Logging in using the local admin account still works. The following setting is disabled: Accounts > Administrator accounts are managed externally If you enable the setting and save changes, it's disabled again after a few minutes. Workaround: Use the local admin account.
SWG 10.2.4	SWG 10.2	Reference number- TSWS-6000 Issue: After you update SWG 10.2–10.2.3 or earlier, DATs} and Gateway DATs fail to update. SWG 10.2.3 and earlier don't support the GAM Engine 2021.1. Resolution: Update to 10.2.4 or later. Workaround: If you continue to use 10.2.3 or earlier, you need to remove all updates. Also, it runs with GAM Engine 2019 after you follow this workaround: Log on to the SWG appliance using SSH or the console. Stop the main mwg process: Type service mwg stop and press Enter. Delete the patterns saved: Type cd /opt/mwg/plugin/data/antivirus and press Enter. Type rm -rf * and press Enter. Delete temp data or the broken pattern that's saved: Type cd /opt/mwg/temp and press Enter. Type rm -rf * and press Enter. Start the mwg process again: Type service mwg start and press Enter. Manually update the engine through the Manager: Click Configuration, Appliances, Update Engine, Trigger Update. Reference number- WP-3868 Issue: You disable the Enabled Openers rule set and configure the Gateway Anti-Malware Engine as Avira only. But, Avira doesn't detect specific or modified Eicar files inside the archive. Workaround: Open SWG Policy under Common Rules, and enable the Enable Opener Rule set. Reference number- WP-3541 Issue: Adding new HSM keys in the SWG UI fails if the HSM server is already started and running. Workaround: Restart the HSM Server from the SWG UI after you add new keys.
SWG10.2 10.0.1-10.1	SWG10.0.1-10.1	Reference number- WP-2823 Issue: In the HAProxy mode, when using the Virtual IP address, the settings for connection timeouts configured in event enable proxy control are ignored. The HAProxy only relates to general timeout settings. Workaround: Increase the general timeout settings in SWG or increase the timeout on the remote site
SWG 10.1	SWG 10.0.1-10.0.2	Reference number- WP-3305 Issue: You intermittently see an anti malware engine update error: [AV] [UpdateFailed2] Error updating the Antivirus engine. Reason: 'Error starting engine 'McAfee Gateway Anti-Malware', error code: 5'." You also see that service restarts take about 40 minutes rather than the expected 5 minutes.
SWG 10.2.10		Random f.txt files no longer download incorrectly on Chrome and Edge browsers.

SWG 10.2.15

SWG 10.2.14

Issue: 10.2.14 uses an updated version of Tomcat.
This new version of Tomcat causes SWG to suffer an incompatibility with the authentication method "client certificate authentication."
This authentication method is only available when using the SWG UI as a Java Applet (logging in via the browser login page).
Detailed information about client certificate authentication can be found on the SWG documentation page.

NOTE: Most current browsers don't support Java Applets.
The most notable browser still supporting them is the old Internet Explorer 11, but this is now End of Life.
You see the following entries, present in the log file /opt/mwg/log/mwg-errors/mwg-ui.errors.log:

[ERROR] Cannot determine if client certificate is enabled due to implementation changes in Tomcat: java.lang.NoSuchFieldException: endpoint

SWG 10.2.2

SWG 10.2.1

Reference number- WP-4043

Issue: You can't log in to the SWG GUI by using any external managed admin account. Logging in using the local admin account still works.

The following setting is disabled: Accounts > Administrator accounts are managed externally

If you enable the setting and save changes, it's disabled again after a few minutes.

Workaround: Use the local admin account.

SWG 10.2.4

SWG 10.2

Reference number- TSWS-6000

Issue: After you update SWG 10.2–10.2.3 or earlier, DATs} and Gateway DATs fail to update. SWG 10.2.3 and earlier don't support the GAM Engine 2021.1.

Resolution: Update to 10.2.4 or later.

Workaround: If you continue to use 10.2.3 or earlier, you need to remove all updates. Also, it runs with GAM Engine 2019 after you follow this workaround:

Log on to the SWG appliance using SSH or the console.
Stop the main mwg process:
Type service mwg stop and press Enter.
Delete the patterns saved:
Type cd /opt/mwg/plugin/data/antivirus and press Enter.
Type rm -rf * and press Enter.
Delete temp data or the broken pattern that's saved:
Type cd /opt/mwg/temp and press Enter.
Type rm -rf * and press Enter.
Start the mwg process again:
Type service mwg start and press Enter.
Manually update the engine through the Manager:
Click Configuration, Appliances, Update Engine, Trigger Update.

Reference number- WP-3868

Issue: You disable the Enabled Openers rule set and configure the Gateway Anti-Malware Engine as Avira only.
But, Avira doesn't detect specific or modified Eicar files inside the archive.

Workaround: Open SWG Policy under Common Rules, and enable the Enable Opener Rule set.

Reference number- WP-3541

Issue: Adding new HSM keys in the SWG UI fails if the HSM server is already started and running.

Workaround: Restart the HSM Server from the SWG UI after you add new keys.

SWG10.2 10.0.1-10.1

SWG10.0.1-10.1

Reference number- WP-2823

Issue: In the HAProxy mode, when using the Virtual IP address, the settings for connection timeouts configured in event enable proxy control are ignored. The HAProxy only relates to general timeout settings.

Workaround: Increase the general timeout settings in SWG or increase the timeout on the remote site

SWG 10.1

SWG 10.0.1-10.0.2

Reference number- WP-3305

Issue: You intermittently see an anti malware engine update error:

[AV] [UpdateFailed2] Error updating the Antivirus engine. Reason: 'Error starting engine 'McAfee Gateway Anti-Malware', error code: 5'."

You also see that service restarts take about 40 minutes rather than the expected 5 minutes.

SWG 10.2.10

Random f.txt files no longer download incorrectly on Chrome and Edge browsers.