Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

SWG 11.x.x Known Issues and Workaround

Known Issues and Workaround

For a list of issues that are known, but not resolved yet, see the table below.

Fix Version Found Version Description
11.2.11 11.2.10

Issue: After update to version 10.2.21, 11.2.10, 12.1.3, 12.2.0 the UI service will not start properly. Error descriptions show different errors, the specific root cause identifies as:

"Caused by: javax.xml.stream.XMLStreamException: Maximum attribute size limit (524288) exceeded"

Workaround:

It is possible upgrading related limit by upgrading related SWG code/libraries. To retrieve upgraded version, please contact support. This Issue is fixed with WP-5462.

Solution:

Issue is fixed in version 11.2.11, release date is June 13, 2023

 

11.2.5     

 

 

         

 

 

11.2.0

 

 

   

 

 

Issue: After you update a central management cluster from 10.2.x to 11.2.x (specifically 11.2.4 or earlier), you see one of the following issues:

  • Following error is seen when you dont have access to UI: Error while receiving data. Received 'HTTP:200'
  • System list updates fail with the following error: System Lists update failed, with ID 333

Workaround: Run the following commands on each cluster node via CLI:

service mwg-core stop
rm /opt/mwg/plugin/data/DLP/0/lists -rf
service mwg-core start

After the service restart, a new list is created automatically.

NOTE: This workaround includes a service restart; all connections will be disconnected and no connections will be accepted until the service is started again.

Solution: This issue is fixed in version 11.2.5; release date is November 15, 2022.

11.2.4         

 

 

 

         

 

11.2.3            

 

 

 

 

     

 

 

                 

Issue: 11.2.3 uses an updated version of Tomcat.
This new version of Tomcat causes SWG to suffer an incompatibility with the authentication method "client certificate authentication."
This authentication method is only available when using the SWG UI as a Java Applet (logging in via the browser login page).
Detailed information about client certificate authentication can be found on the client certificate authentication page.

NOTE: Most current browsers don't support Java Applets.
The most notable browser still supporting them is the old Internet Explorer 11, but this is now EOL.
You see the following entries, present in the log file /opt/mwg/log/mwg-errors/mwg-ui.errors.log:

[ERROR] Cannot determine if client certificate is enabled due to implementation changes in Tomcat: java.lang.NoSuchFieldException: endpoint

 

Issue: After you reboot, the kdump service fails to start. The current kdump service included in SWG isn't compatible with the latest kernel upgrade provided as part of the September 20, 2022 releases.
The kdump service handles kernel failures that occur and recovery from these issues.
When this service is non-functional, kernel failures cause the appliance to become unresponsive, and a manual power cycle is needed to get the appliance back to a working state.

Workarounds: This issue on installation can be avoided and prevent the kernel package from being upgraded.

NOTE: This workaround is only applicable to the CMD method of upgrade.
Instead of running yum upgrade yum && yum upgrade, run yum upgrade yum && yum upgrade --exclude=kernel*

If already upgraded>edit the config files>  allow the appliance to recover from the kernel failure> and automatically reboot after 5 secs:

  1. Edit the sysctl.conf file from the SWG-UI.
  2. Add the line kernel.panic=5 outside the auto generated block.
  3. Save your changes.

11.1.14

 

 

 

       

11.1

 

 

 

               

               

  

Issue: Your Browser response page shows corrupted text. No errors are seen in the SWG logs. 

Solution: This issue is fixed in version 11.1.4.

Issue: Your browser triggers a file download, which is a text file named "f.txt." No errors are seen in the SWG logs. 

Solution: This issue is fixed in version 11.1.4.

Issue: Memory-leak leads to one or more of the following issues:

  • Appliance not reachable

  • SWG stops handling network traffic

  • No access to SWG UI

Resolution: This issue is fixed in version 11.1.4

11.2.25 (Planned on 24th July)

11.2.24

Issue: In the latest SWG release 11.2.24, a save operation post addition or updates to the below configuration items might fail with an error message popup being displayed in UI.

NOTE: If you intend to change configuration values for any of the following fields, Skyhigh recommends not upgrading to 11.2.24.

Central Management:
    - IP addresses and ports of this node used for central management communication
    - Group network
   
Proxies > Data Exchange Layer:
    - Subscription Topics
    - Services

Date and Time
Bandwidth Control:
    - Interface names, for which classes need to be applied.
   
Hardware Security Module:
    - Keys to be loaded
    - HSM server port definition list

  • Was this article helpful?