Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Reference Number
Related Article
Found in SWG Version
Resolved in SWG Version
Issue Description
10.2.14
Issue: 10.2.14 uses an updated version of Tomcat.
This new version of Tomcat causes SWG to suffer an incompatibility with the authentication method "client certificate authentication."
This authentication method is only available when using the SWG UI as a Java Applet (logging in via the browser login page).
Detailed information about client certificate authentication can be found on the SWG documentation page.
NOTE: Most current browsers don't support Java Applets.
The most notable browser still supporting them is the old Internet Explorer 11, but this is now End of Life.
You see the following entries, present in the log file /opt/mwg/log/mwg-errors/mwg-ui.errors.log:
[ERROR] Cannot determine if client certificate is enabled due to implementation changes in Tomcat: java.lang.NoSuchFieldException: endpoint
WP-4935
10.2.14
10.2.15
Issue: After you reboot, the kdump service fails to start.
The current kdump service included in SWG isn't compatible with the latest kernel upgrade provided as part of the September 20, 2022 releases.
The kdump service handles kernel failures that occur and recovery from these issues.
When this service is non-functional, kernel failures cause the appliance to become unresponsive, and a manual power cycle is needed to get the appliance back to a working state.
Workarounds: You can avoid the issue on installation and prevent the kernel package from being upgraded.
NOTE: This workaround is only applicable to the CMD method of upgrade.
Instead of running yum upgrade yum && yum upgrade, run yum upgrade yum && yum upgrade --exclude=kernel*
If you've already upgraded, edit the config files and allow the appliance to recover from the kernel failure and automatically reboot after 5 s:
Edit the sysctl.conffile from the SWG-UI.
Add the line kernel.panic=5outside the autogenerated block.
Save your changes.
WP4650
10.2.10
Issue: Your browser response page shows corrupted text. No errors are seen in the SWG logs.
Solution: This issue is fixed in version 10.2.10.
Issue: Your browser triggers a file download, which is a text file named "f.txt." No errors are seen in the SWG logs.
Solution: This issue is fixed in version 10.2.10.
WP-4646
10.2.4
10.2.10
Issue: Memory-leak leads to one or more of the following issues:
Appliance not reachable
SWG stops handling network traffic
No access to SWG UI
Resolution: This issue is fixed in version 10.2.10.
WP-4043
10.2.1
10.2.2
Issue: You can't log in to the SWG GUI by using any external managed admin account. Logging in using the local admin account still works.
The following setting is disabled: Accounts > Administrator accounts are managed externally
If you enable the setting and save changes, it's disabled again after a few minutes.
Workaround: Use the local admin account.
Reference Number
Related Article
Found in SWG Version
Resolved in SWG Version
Issue Description
TSWS-6000
10.2
10.2.4
Issue: After you update SWG 10.2–10.2.3 or earlier, DATs and Gateway DATs fail to update. SWG 10.2.3 and earlier don't support the GAM Engine 2021.1.
Resolution: Update to 10.2.4 or later.
Workaround: If you continue to use 10.2.3 or earlier, you need to remove all updates. Also, it runs with GAM Engine 2019 after you follow this workaround:
Log on to the SWG appliance using SSH or the console.
Stop the main mwg process:
Type service mwg stop and press Enter.
Delete the patterns saved:
Type cd /opt/mwg/plugin/data/antivirus and press Enter.
Typerm -rf * and press Enter.
Delete temp data or the broken pattern that's saved:
Type cd /opt/mwg/temp and press Enter.
Type rm -rf * and press Enter.
Start the mwg process again:
Typeservice mwg start and press Enter.
Manually update the engine through the Manager:
Click Configuration, Appliances, Update Engine, Trigger Update.
WP-3868
10.2
Issue: You disable the Enabled Openers rule set and configure the Gateway Anti-Malware Engine as Avira only.
But, Avira doesn't detect specific or modified Eicar files inside the archive.
Workaround: Open SWG Policy under Common Rules, and enable the Enable Opener Rule set.
WP-3541
10.0.1.x
Issue: Adding new HSM keys in the SWG UI fails if the HSM server is already started and running.
Workaround: Restart the HSM Server from the SWG UI after you add new keys.
WP-2823
10.0.1, 10.0.1.2, 10.0.2, 10.1
10.2
Issue: In the HAProxy mode, when using the Virtual IP address, the settings for connection timeouts configured in event enable proxy control are ignored. The HAProxy only relates to general timeout settings.
Workaround: Increase the general timeout settings in SWG or increase the timeout on the remote site.
WP-3305
10.0.1, 10.0.1.2, 10.0.2
10.1
Issue: You intermittently see an antimalware engine update error: