Introduction
This document describes how to resolve compatibility issues with Secure Web Gateway (SWG) and Symantec products with LiveUpdate.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on Cisco Secure Web Gateway.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Problem
This article targets users of the Secure Web Gateway (SWG) and Symantec products with LiveUpdate. If you are not using these products with SWG, this article does not apply.
This article applies to Symantec users who connect to SWG via the Cloud Delivered Firewall (CDFW), AnyConnect SWG Agent, PAC file, or any other method while SAML user authentication is active. In the default configuration, using SWG can cause Symantec to crash, resulting in a blue screen in Windows.
Mandatory SAML & HTTPS Exclusion
When SAML authentication is active on the SWG, all queries that do not come from a session-capable browser receive a redirection response that cannot be completed. In some cases, this can cause unexpected behavior in the requesting application.
Solution
- Add liveupdate.symantecliveupdate.com to the HTTPS decryption bypass list.
  - This also bypasses the SAML authentication requirement.
- Add liveupdate.symantecliveupdate.com to the Domain Management > External Domains list if using PAC or SWG Module in AnyConnect.
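One way to confirm from a client behind the SWG that the exclusion took effect, as an added example that is not part of the original article: it checks whether the response for the LiveUpdate host was re-signed by the gateway's decryption CA or redirected to a different host. The function names, the CA marker string, the different-host heuristic and the sample results are assumptions constructed for illustration.

```python
import http.client
import ssl
from urllib.parse import urlsplit

HOST = "liveupdate.symantecliveupdate.com"  # domain named in this article

def classify(host, status, location, issuer, swg_ca_marker):
    """Classify one probe result for `host`.

    swg_ca_marker is an assumption: a substring of the issuer name of the CA
    your gateway uses when it decrypts HTTPS (supplied by the caller).
    """
    findings = []
    if swg_ca_marker and swg_ca_marker.lower() in issuer.lower():
        findings.append("decrypted")   # certificate was re-signed by the gateway
    if 300 <= status < 400 and location:
        target = urlsplit(location).hostname  # None for a relative Location
        if target and target.lower() != host.lower():
            findings.append("redirected")   # sent to a different host
    return findings or ["bypassed"]

def probe(host=HOST, timeout=10):
    """Live check (needs network): one HEAD request, redirects not followed."""
    conn = http.client.HTTPSConnection(
        host, timeout=timeout, context=ssl.create_default_context())
    try:
        conn.request("HEAD", "/")
        cert = conn.sock.getpeercert()
        issuer = ", ".join(f"{k}={v}" for rdn in cert["issuer"] for k, v in rdn)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), issuer
    finally:
        conn.close()

# Constructed probe results, not captured traffic: (status, Location, issuer)
SAMPLES = {
    "intercepted": (302, "https://login.example.test/saml", "CN=Example SWG Root CA"),
    "excluded": (200, None, "CN=Example Public CA"),
}

if __name__ == "__main__":
    for label, (status, location, issuer) in SAMPLES.items():
        print(label, classify(HOST, status, location, issuer, "Example SWG Root"))
    # Live use: print(classify(HOST, *probe(), "<your SWG CA name>"))
```

A result of `["bypassed"]` from the live probe means the client saw neither the gateway's CA nor a cross-host redirect for this domain.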
Cause
For Symantec LiveUpdate, liveupdate.symantecliveupdate.com must be added to the HTTPS decryption exception list to allow LiveUpdate to function. This excludes these requests from the SAML requirement and answers them with a standard policy response.