LevelBlue Knowledge Base » Knowledgebase » Legacy Products » Secure Web Gateway » GUI

SWG Management Console (GUI) requires IE Compatibility View settings

Charles — Thu, 30 Oct 2014 19:57:10 GMT

This article applies to:

SWG 11.x
Microsoft Internet Explorer 11

Symptoms:

Administrators are not able to log in to SWG Management console (GUI)
The SWG Management console (GUI) does not notify the user about incorrect username or password

In most cases the login page will look slightly different when using the IE browser.

Normally, the login box should be centered on the screen, but in IE it is as shown below:

Causes:

Newer versions of the Internet Explorer browser are designed to better support recent HTML standards. As a result some of the web components in the SWG UI may not work as in the older IE versions.

Resolution:

Open the Internet Explorer browser, click Tools on the menu bar, and then choose Compatibility View Settings.
Add the IP address or hostname of the SWG Server to the list of websites added to Compatibility View:
Close the Compatibility View Settings dialog and reload the SWG management console. Observe the correct positioning of the login box.

Notes:

Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer.

If you choose to view a website in Compatibility View, as a convenience to you, Internet Explorer will remember this choice and use Compatibility View the next time you visit the site.

Change the IP address for a Policy Server/All-In-One device

Charles — Thu, 09 Oct 2014 11:58:48 GMT

This article applies to:

SWG 10.x - Policy Server / All-In-One
SWG 11.x - Policy Server / All-In-One

Question:

How do I change the IP address for a Policy Server / All-In-One device?

Procedure:

The change is performed in two stages:

1) The IP address is changed on the networking interface, using the relevant Limited Shell commands.

2) The IP address is changed in the SWG database by an update in the SWG GUI.

These stages are detailed in the following steps:

1. Open the SSH connection to the SWG device using its current IP address, and run the config_network command.

2. Type 'Y' to view further options, and then type '2' to view the interfaces currently defined in the system.

3. Choose the option for the interface you want to change; in this case it is interface eth0. Type '1'.

4. Type '1' to change the IP address.

5. Type the new IP address; in this case it is 208.90.236.220/26.

6. Review the new configuration details and type 'Y' to save it:

7. With this change enabled you should expect the SSH connection to fail. Try to open a new SSH connection using the new IP address to make sure that the change worked.

Proceed with the update of the new IP address in the database, using the SWG GUI:

Note: The IP address change has been already performed at the networking level, so you should access the GUI using the new IP address.

8. In the GUI, navigate to the SWG Devices section and highlight the Policy Server device IP.

The left pane should still show the old IP address.

9. Click Edit, and make sure the Device IP in the right pane shows the new IP address.

10. Save and commit the changes.

Quickly rebuild an SWG Virtual Scanner

ofer Kalef — Tue, 11 Feb 2014 01:24:40 GMT

This article applies to:

SWG 10.x
SWG 11.x

Question:

What is the easiest way to recreate an SWG virtual scanner?

Procedure:

1. Remove the virtual scanner from the list of scanners in the Policy Server GUI (right-click the scanner and choose Delete).

2. Download the scanner VMDK and OVF files from the Trustwave SWG download page: https://support.levelblue.com/Secure-Web-Gateway/Upgrade.asp

3. Delete the scanner virtual machine from the VM environment.

4. Create the new scanner VM by placing the OVF and VMDK files in the same folder, and then drag/drop the OVF into the VMware instance (or create the new VM and select the OVF file).

The Scanner should build itself and complete.

5. Boot the new VM scanner and log in with the credentials: admin/finjan (For V11.5 and later the default password is TrustwaveSWG).

6. Run the setup command and provide networking information (this will probably be identical to the previous system that was deleted).

7. Log into the Policy Server GUI and add the new VM scanner to the devices tree.

8. Click Save and commit the changes.

Users exist in more than one LDAP Group

ofer Kalef — Sun, 24 Nov 2013 03:52:40 GMT

This article applies to:

SWG 10.x

Question:

What if the same user exists in 2 or more LDAP groups and each LDAP group has different policies applied, what policy will be applied to the user?

Reply:

If an LDAP user is included in more than one group, the policy implemented will automatically be that of the first group appearing in the list. Group priority is listed from top to bottom.

Filter Entrapper block transactions in the Web Log

ofer Kalef — Sun, 24 Nov 2013 01:52:52 GMT

This article applies to:

SWG 10.x
SWG 11.x

Question:

Is there a filter option to show Entrapper blocks only?

Procedure:

The Malware Entrapment engine, also known as Entrapper, was first introduced with SWG OS 10.1.

1. Go to Logs and Reports > Audit Logs, right-click the selected view and choose View Settings.

2. In the Filter tab, use the settings below to show only Entrapper blocks out of all the log transactions available in the system:

This filter relies on the actual text of the user response action specified for this rule in your policy.

Below is a snapshot of the default End User Message as defined in the Default Security Policy:

And here is the snapshot of the actual text in the message:

If these settings are modified with custom settings make sure to update the suggested filter to reflect the custom settings.

502 Bad Gateway error – Squid is not running

ofer Kalef — Sun, 24 Nov 2013 01:48:51 GMT

INFO:502 Bad Gateway – Squid is not running.

This article applies to:

SWG: 11.x

· Description
In some scenarios Squid won’t start and in the GUI you may see a communication such as:

"This cache server is not active."

· Symptoms

You will see a 502 Bad Gateway error.

· Cause
It is a known bug in Squid that it does not accept some special chars like "_" or "-".

· Solution
Change the hostname to a name without special, reserved characters.

Notes:

Changes like this will cause certain processes to restart on the SWG and may interrupt scanning in a production environment.

It is recommended to do this during a maintenance window where it’s appropriate for the system to go down.

Video streaming contents from youtube.com are not working correctly when served through SWG

ofer Kalef — Mon, 07 Oct 2013 02:09:39 GMT

This article applies to:

SWG 10.x
SWG 11.x

Question:

What is the reason that the video streams from youtube.com are not loading properly when requested through SWG ?

Information:

This one appears to be a brand new ‘known’ issue that was reported by multiple customers during last few days.

Until recently video streams hosted on youtube.com were allowed through SWG by Allow Streaming rule (top rule in the policy).

This rule triggers allow action based on content types that we identify when known streaming contents are served to SWG.

Most likely, there were some changes in the way youtube servers share these streams today, and as a result we are not able to detect it any longer.

Since Allow Streaming rule does not take any action, the contents are sent for scanning through the policy. Status page is triggered as a result and it stalls just like it usually happens with status page.

This issue has been reported internally, and we are expecting to get further instructions from our engineering team.

Before we know what exactly works different with youtube video streaming contents use the following work around to address the issue:

add a new argument to the Unless tab not activate status page whenever Mime Type contains application/octet-stream
save and commit changes:

How to backup SWG

ofer Kalef — Tue, 24 Sep 2013 08:31:31 GMT

This article applies to:

SWG 10.x
SWG 11.x

Question:
How do I create a backup of my SWG settings and configuration?

Procedure:
There is a feature in SWG called "Backup" (or "Rollback" in SWG version 10.x.) This feature allows you to create a backup file of your SWG where it can be saved in an alternate location (backups are not saved locally on the SWG). A backup consists of all data that an administrator can customize in the Management Console (including Policies, Settings etc.).

To create a rollback:

In SWG 10.x, navigate to Administration > Rollback > Rollback Settings

In SWG 11.x, navigate to Administration > Policy Server DB Backup > Backup Settings

From here you can configure a connection method location and scheduling for the backup. If you have any trouble in configuring the backup, click the "?" or F1 Help button to see additional information about backup settings.

Why is backup helpful? In the event of a critical system failure where the SWG is not recoverable, the SWG system can be re-imaged to its default factory settings. After it has been reset to its factory settings, the last saved backup can be applied to the system restoring the custom configuration and settings.

Note:
System backups do not include information in the LogServer database, Reports Server database (see Administration > Reports DB Backup > Backup Settings), Custom Block Messages, and Updates.

Malware Entrapment Profile levels as shown in the weblogs

ofer Kalef — Sun, 15 Sep 2013 01:17:30 GMT

This article applies to:

SWG v10.1 and above

Question:

Malware Entrapment Profile level is set to Strict, however, transaction shows Basic, Medium and Strict levels. Why?
Malware Entrapment Profile is blocking too much/little content. Can I adjust it?

Information:

As of SWG 10.1, the User Interface allows adjustment of Malware Entrapment Profile (MEP) security level. To do this, highlight the Malware Entrapment Profile condition in the "Block Malicious Content (Malware Entrapment Engine)" Rule and set its level as desired in the right pane, as shown below:

Web content will be blocked by MEP up to and including the specified threshold, e.g. if set to Medium, content is blocked if it breaks Basic or Medium. The transaction log will show what MEP level was reached, so if MEP is set to Strict the transaction logs will show Basic, Medium and Strict entries.

Note that if the Logging Policy is set to log more than Blocked/Corrective actions (e.g. "Log everything except images"), then the logs will show MEP levels for traffic that was not blocked, indicating that the Entrapper engine was called but allowed the traffic, as shown in green below:

Notes:

None.

How to configure ISA server in order to forward client IPs for HTTPS traffic as well

ofer Kalef — Fri, 23 Aug 2013 04:48:56 GMT

Description
In an ISA-Finjan-Internet topology, with the Vital Security ISA Connector properly working with HTTP requests, no client IP addresses are forwarded to the Finjan appliance for HTTPS traffic.

Symptoms

Cause
The option "Add headers to HTTPS CONNECT request" is not selected.

Solution
In ISA Server Management, select the Finjan ISA plugin. In the section "Configuration / Add-ins", mark the option as checked.

Software Version
Vital Security IP/Username Forwarding Plug-in for ISA Server 2004 to Vital Security IP/Username Forwarding Plug-in for ISA Server 2004 and ISA Server 2006
v 2.1

This article applies to:: NG 1000; NG 5000; NG 6000; NG 8000

This article was previously published as:

Finjan KB 1887

What is the longest URL that could be added to the URL list?

ofer Kalef — Fri, 19 Jul 2013 01:31:38 GMT

This article applies to:

SWG 10.x

Question:

URL list entry - what is the limit on the URL length ?

Information:

The following error message could show up when adding a very long URL:

When adding a URL from the logs section, the error message would be different:

Every URL list entry is a name stored in the DB being the same as the URL itself
This name field in the DB is limited to 192 chars.

If needed there are ways to extend this field manually, however, these changes are not recommended.

Our recommendation for such URLs is to use a RegEx entry with a wildcard: domain_name*file_name .

Customized messages for user response action are not retained with Version 11.0 upgrade

ofer Kalef — Mon, 08 Jul 2013 02:24:33 GMT

This article applies to:

SWG 11.x

Question:

Why do Block page messages look different after the system is upgraded to Version 11.0?

Information:

This is a known issue with the V11.0 upgrade - Rule Action messages are reset to default.

To restore these messages, we recommend saving them before upgrading the system:

1. Navigate to Policies > End User Messages > Message Template, and select the relevant message template from the Rule Action drop down list.

2. Click the Switch to HTML View button. The message is displayed in HTML, similar to that shown below:

3. Select the HTML code presented in this view, copy it and to paste it into a text file using the text editor of your choice.

4. Save the file and click the Cancel button in the SWG UI.

5. Repeat these steps for the next Rule Action message details.

Once the SWG system is upgraded and running V11.0, follow the steps above to restore the HTML code for the custom messages used by SWG before the upgrade.

SWG URL List search mechanism is case-sensitive

ofer Kalef — Sun, 17 Feb 2013 00:11:02 GMT

This article applies to:

SWG 10.x
SWG 11.0

Question:

Is URL List search mechanism case-sensitive ?

Information:

Starting with SWG 10.1 version administrator may run a quick search on URL entries to find out if a given URL is listed in any URL lists.

It is also possible to run such search queries on a part of the domain name used for this URL.

This search mechanism is case-sensitive, and below example demonstrates that.

1. Create a new URL list with the following entries in it:

TRUSTwave.com/*
TRUSTWAVE.com/*
www.trustwave.com/*

2. Save and commit the changes, and proceed with the search feature by using right-click of the mouse on URL Lists node.

3. Run search for TRUST keyword and see the results:

4. Run another search query, this time using 'trustwave' as keyword :

The results are different, and this may affect the troubleshooting when trying to locate a specific URL entry.

However, it does not affect the business logic, and the action (block or allow) will be taken correctly.

This issue is consistent for all current SWG software versions.

Getting XMLHTTP support error message upon logging to SWG UI

Rudolf Kessler — Wed, 18 Jul 2012 06:11:13 GMT

This article applies to:

SWG 10.1 or higher

Symptoms:

User is getting below error message upon logging to SWG UI:

Causes:

This issue was reported for IE browser(s) but may also be relevant for other browsers.

Resolution:

Make sure that the following Advanced Security option is enabled in IE browser:

How to Reset the Admin Password

Rudolf Kessler — Wed, 23 May 2012 07:19:51 GMT

Description
The administrator password in software version 8.x/9.x/10.x needs to be reset.

Symptoms
Unable to login to the Setup Console (webmin) or to the limited shell as an admin user.

Cause
The admin password has been changed or forgotten.

Solution
In all supported software versions you can reset the admin password to the original password.
To perform this action:

Reboot the machine.
On an NG-1000 or NG-5000, please use the shutdown option available by pressing the down arrow button on the LCD panel.
After you have confirmed the shutdown twice by pressing the ENTER button on the LCD panel, please wait two minutes for the system to complete its soft shutdown prior to turning off the power switch on the back of the appliance.
On an NG-6000/SWG-3000 appliance, press and release the white power button to initiate the shutdown.
The unit will shut off when the soft shutdown is complete.
On an NG-8000/SWG-7000 blade, the restart can be performed from the management module.
Connect a USB keyboard and VGA monitor to the unit, and turn the unit back on.
On an NG-8000/SWG-7000 blade, the management module's remote control feature can be used instead.
Before the operating system loads, you might see a repeating message, saying "Press any key to continue".
Press a key (such as the spacebar) while the message is still repeating.

This will bring up the screen shown in the image below.
If the "Press any key to continue" message does not display, the screen shown in the photograph below should appear automatically.
Within a few seconds of the appearance of the screen shown below, use the down arrow key on your keyboard to highlight 'Reset Admin Password'. Press the Enter key on your keyboard to select this option. Doing so will reset the admin password to: finjan

Software Version
8.x
9.x
10.x

This article applies to:

This article was previously published as:: Finjan KB 1290

Supported web browsers for Admin GUI

Rudolf Kessler — Mon, 14 May 2012 02:28:16 GMT

This article applies to:

SWG 9.x
SWG 10.x

Question:

What web browsers are supported for use with the SWG administration GUI?

Answer:

Officially supported:

Internet Explorer 7 (and higher)
Firefox 1.5 (and higher)
Chrome (all versions)

Unofficially supported:

Safari (all versions)

Not supported:

Opera
Any browsers not mentioned above

Notes:

"Unofficially supported" browsers work for most functionality. Some customers have reported some issues with these browsers that have not been verified or reproduced. If a customer encounters problems accessing the GUI with these browsers, Trustwave does not provide assistance. Trustwave will ask the customer to use an officially supported browser.

What is the "Used in" option for, in the Digital Certificate page

Rudolf Kessler — Mon, 23 Apr 2012 08:24:25 GMT

This article applies to:

SWG 10.x

Question:

What is the "Used in" right-click option in the Digital Certificate page for?

Reply:

It is not relevant in this page since there is no such Content Processor and it is not used in the policies. Ignore it.

Manipulating large URL lists

Eric Hanson — Fri, 10 Jun 2011 18:26:15 GMT

This article applies to:

SWG 9.x
SWG 10.x

Question:

How do I manipulate large URL Lists?

It is possible to export SWG's URL Lists to text files, modify them offline, and import them back into the the system.

Procedure:

To Export a URL List:

Go to Policies -> Condition settings -> URL Lists.
Click on the URL list that you wish to export. There are two ways to export the list to a file.
- Right click the URL list you wish to export, and select Export to File.
- With the URL list selected you wish to export, click the Export to File button in the upper left side of the pane.

To Import a URL List:

Once you have altered the URL list, you can then import it back in by using either of the following two methods.

Right click the URL list and select Import to List.
After selecting the list into which you wish to import, click the Import to List button in the upper left side of the pane.

Rollback and FTP permissions

Rudolf Kessler — Fri, 20 Aug 2010 04:53:44 GMT

Question
Rollback is used to backup the Vital Security NG configurations to FTP/Samba server (network share folder).
It's important to understand how the Rollback process operates for configuration and troubleshooting purposes.

How does the Rollback mechanism operate and what are the needed FTP/Samba permissions for its successful operation?

Answer
The Rollback operates in the following order (in this case Rollback is being configured for the first time and manual backup is performed):

A file named “date” is being written to FTP/Samba folder, it contains date and time of its creation.
A file named “index.xml” is being written to FTP/Samba folder, it contains the string “<?xml version="1.0"?>”
A file named “backup_YYYY_MM_DD_HH_MM_SS.tar.enc” is being written to FTP/Samba folder, it contains the Vital Security appliance's configurations.
A file named “index.xml” that now contains the new created file record, is overwriting the old index.xml file.
Each backup file record inside the index.xml contains the following tags:
<file name="backup_YYYY_MM_DD_HH_MM_SS.tar.enc">
<creation_date year="YYYY" month="MM" day="DD" hour="HH" minute="MM" second="SS" />
<type value="Manual or Scheduled"/>
<ng_version value="8.x.x" />
<description>the description string</description>

Every time Administrator enters Rollback (after the FTP / Samba settings are entered and the administrator clicks on Apply and then on the Refresh button), the system tries to read the index.xml file and to display the entries in it. These entries are the backup files that can be used to restore the previous configuration.

Please note, it is very important that the FTP server will allow permissions to read, write and delete files, otherwise the Rollback will fail.

VSOS
8.5
9.x

This article applies to:: SWG 3000; SWG 5000; SWG 7000

This article was previously published as:: Finjan KB 1400

How does the "Add to URL List" feature work?

support finjan — Sun, 02 Aug 2009 00:00:00 GMT

Question
In the Web log viewer, there is an option to add the URL from the Web log entry to a choice of URL Lists. This allows it to be 'blocked' or 'allowed' according to the Security Policy configured by the end-user.

How does this option work? Not all the customer defined URL lists are displayed in the URL drop-down list, why is this?

Answer
The "Add to URL list" feature works as follows:
The URL lists displayed in the drop-down menu are the URL lists used by the end user's Security Policy.
The logic behind this feature is that if the administrator wishes to block or allow a certain URL entry from the Web Logs, it must be done in accordance with the end user's Security Policy (not according to other URL lists being used by other security policies not related to this specific end user.)

For example:
The Finjan Medium Security Policy was applied to a specific user and the administrator concludes that this URL should be allowed for this security policy.
In order to do so, the administrator must add the URL entry from the Web log to one of this security policy's URL white lists.
In the Finjan Medium Security Policy there are 7 URL lists in use:
Customer Defined Black List and URL Black List (Medium): Used by rule #5, "Block Access to Blacklisted Sites"
Allowed Large Download Sites, Trusted Sites and URL Bypass List (Medium): Used by rule #8, "Allow Trusted Sites"
Customer Defined White List and URL White List (Medium): Used by rule #25, "Allow Access to White Listed Sites"
After clicking on "Add to URL list" these URL lists are indeed listed:

This is the reason that not all URL lists will be displayed in the drop-down menu, but only according to the context of this Web log / URL entry and the security policy of the end user.

Software Version
Versions 9.0 and 9.2

This article applies to:: NG 1000; NG 5000; NG 6000; NG 8000

This article was previously published as:: Finjan KB 1929

Always click "Commit changes" after editing policy items

Eric Hanson — Sun, 03 May 2009 00:00:00 GMT

Question
Why are my latest policy changes not being applied to new transactions?

Answer
After making any policy-related change (such as editing a rule or a list) in the management console, it is necessary to click the Commit changes button, as shown below.

Clicking on Commit changes will push the configuration changes to all of the relevant system components, including the Scanning Server. This is necessary for All in One units as well as distributed environments with a Policy Server and multiple Scanning Servers.

Almost all changes made in the management console must be committed in order to make them active. A few changes do not require a commit because only the Policy Server component needs to be aware of them. Addtionally, changing an IP address in Settings -> Devices will initiate a commit operation automatically, so it is not necessary to click the Commit changes button.

When there is any doubt, clicking the Commit changes button is recommended. If there are no changes to commit, clicking the button will not cause any harm. The system will simply warn the administrator that there are no changes to commit, as shown below. Clicking the Cancel button will close the window.

If the administrator clicks the button and there are pending changes, the system will list the modules that will be affected by the commit operation. This is depicted in the screenshot that follows. When the administrator clicks the OK button, the changes will be committed. It may take a minute for the commit operation to complete. It will be finished when all of the IPs in the Network Roles list (Settings -> Devices) have the same configuration revision.

Software Version
8.3.X
8.4.X
8.5.0

This article was previously published as:
Finjan KB 1578

How to block attachments by Gmail and Google Talk

Amir Foox — Mon, 23 Mar 2009 00:00:00 GMT

Question
How to block attachments from being sent via Gmail and Google Talk services?

Answer
In order to block attachments from being sent through Gmail and Google Talks, please follow the steps below:
1. In the managment console of the Finjan appliance, click on the Lists tab -> URL Lists -> And Create a new URL List called 'Google' as depicted in the screenshot below:
2. Click on the new "Google" URL List you've just created, and then click on the Add button in order to insert a value into it. In the URL field insert the word *google* with asterisks before and after the word, click Apply and Commit the changes as depicted below:
3. Click on the Policies tab -> Click on your customized / replicated policy in order to select it and create a new rule, as so:
4. In the Rule Editor, give the new rule an appropriate name, such as: 'Block Google Attachments'. Make sure the User Response Action is set to 'Block', and pick a reason page that the end user will see.
Proceed and click on the 'Direction' condition and set it to 'Outgoing'.
Continue and click on the 'URL Lists' condition and make sure you pick the new URL list you just created on steps 1 and 2.
Finally, click on the 'True Content Type' condition and pick all the file types you want to block the user from uploading using Gmail and Google Talk, Click OK and Commit the changes, as depicted in the screenshot below:

Software Version
8.4.3
8.5.0

This article applies to:
NG 1000
NG 5000
NG 6000
NG 8000
This article was previously published as:
Finjan KB 1786

Cannot Export Policy File Using IE Browser

support finjan — Mon, 23 Mar 2009 00:00:00 GMT

This article applies to:
NG 1000
NG 5000
NG 6000
NG 8000
This article was previously published as:
Finjan KB 1529

Creating a custom message for Coaching in 8.4.3

support finjan — Mon, 23 Mar 2009 00:00:00 GMT

Description
The option to choose a custom defined message for the Coach action in a rule is disabled.

Symptoms
In 8.4.3, it is no longer optional to choose a configured message as a reason in a coach action rule.

(The reason field is grayed out when you choose Coach as a user response action):

Cause
As the Coaching action is only related to the URL policy being violated, it was decided that having more than one type of coaching messages is irrelevant.

Solution
After defining a custom message for the Coaching action - it will automatically become the default one and will be shown in every Coaching rule.

Software Version
8.4.3

This article applies to:
NG 1000
NG 5000
NG 8000
This article was previously published as:
Finjan KB 1476

How to log HTML Repaired transactions?

support finjan — Mon, 23 Mar 2009 00:00:00 GMT

Question
One of the most valuable services provided by Finjan Vital Security for Web appliances is the ability to track the processed information in the logs.
By default, VSOS 8.5.0 and above provides the following logging policies:
- Log All Protective Actions;
- Log All Protective Actions and Web Pages;
- Logging everything except Image files;
The extended logging policy, logging everything except Image files, provides detailed information. However, it has very important constraint causing huge I/O load to the system.
The HTML Repair feature causes malicious scripts on an HTML page to be automatically detected and repaired, and the HTML page is sent on to the end-user in a transparent manner.
Note: The HTML Repair feature is enabled by default.

Ability to log HTML repaired transcations is one of the reasons users might consider using this logging policy instead of any other alternative.

This article describes how to create new logging policy that combines the flexibility of the data being logged with the minimal load caused to the system.

Answer
1. Browse to the Policies section of the management console of Finjan VSOS 8.5.0 and expand the logging policies node.
2. Highlight the default, Log All Protective Actions, logging policy and click Duplicate button on the top as shown below:
3. Set Log Defaults and HTML Repaired Transactions for this new logging policy:
4. Highlight new logging policy and click New Rule button:
5. Rule editor windows pops up. Set this rule conditions as shown below and click OK.
(Set send to archive/log/report/syslog options according to your preferrences)
5. Decide what should be the place/priority of this rule and move it down with the up/down icons.
Save the policy before you commit these changes.
6. Commit these changes.
7. Browse to the Users section and set this logging policy for specific user(s) or group(s):
8. Apply and commit the changes.

Software Version
8.5.0

This article applies to:
NG 1000
NG 5000
NG 6000
NG 8000
This article was previously published as:
Finjan KB 1742