Common Gateway Security 9.0 issues:

 

URL filtering download issue for Gateway Security 9.0 - SFControl file version doesn’t change from 26752.


Download the following executable and execute it on the Gateway Security Control Center host – it will update the hosting server for the URL DB subscription download.
 
File name: 9.0 - URL DB Update.exe
Website link: https://totaldefense.egnyte.com/h-s/20121211/3684af85edfa4155
 
After implementing the fix, you must distribute settings from the Manager Console on the Control Center.

 

 

 

Common AM signature issue resolution:

Gateway Security AV signature is not updating and is stuck at either version 6020 or 6021.
Here is a quick procedure to resolve your issue by skipping to the latest cumulative signature file.

1. Rename the vet.dat under X:\Program Files\CA\Gateway Security\AM\Dat\

2. From Gateway Security Manager Console hit F8 to force new update.



CA Gateway Security 8.0 End of support:

Secure Content Manager 8.0 was discontinued as of June 1st, 2012.




Step 1 CA / TD Gateway Security 9.0 troubleshooting

 

Please apply the following patch on the CAGS 9.0 server host.
1. Download the CAGS9.0 SE1 Cumulative fix (RO40798) from
https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=RO40798&actionID=4
 
From a command line run:
cazipxp -u RO32642.CAZ

Run the self-implementer exe on the CAGS host. It will require a server reboot.

 

How to enable debug for CAGS/TDGS ver 9.0/8.1

HTTP Debug essentials:


For initial HTTP issue analysis please provide the HTTP debug logs following this procedure
 
1. Back up and set aside the existing log files from both of the following folders (in order to remove obsolete info and reduce Getinfo size and download time):
\Program Files\CA\Gateway Security\Log
\Program Files\CA\SharedComponents\ScanGateway\LOG
However, don't delete them; they might be required.
2. Enable debug logging via both the registry and icihome.ini (this will require distribution from the Manager Console).
c:\windows\icihome.ini (this will enable the Proxy server layer debugging):
ENABLE_HTTP=3
Enable registry debug by setting the following values to 0 (Content Filtering engine):
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust\Gateway Security\9.0\Logger
 
For 8.1 versions:
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust\Gateway Security\8.1\Logger

_DCollSrv_Severity
_Icihttp_Severity
_DATAPR~1_Severity
 
3. Reproduce the problem:
· In case it involves a specific domain user or group, please provide the user name (domain\user) and the domain group which was used to reproduce the issue.
· In case the HTTP issue involves a specific URL, please provide the explicit URL.
· In case the issue involves a specific file, please provide the file.
Send a short description of the HTTP traffic flow and network environment, for example:
Incoming: Internet → FW → Proxy → CAGS → end user
Outgoing: end user (browser type) → Gateway Security → upstream proxy → FW → internet.
 
4. Run Getinfo.exe from C:\Program Files\CA\Gateway Security\Bin, upload the fresh logs to FTP, and explicitly state the link, username and password.
5. When the debug session is done, you must reset the values in both the registry and icihome.ini to their default values and distribute the changes via the Manager Console in order to stop the debug logging (it degrades the server's performance).



SMTP Debug essentials:


For initial SMTP issue analysis please provide the SMTP debug logs following this procedure
 
1. Back up and set aside the existing log files from both of the following folders (in order to remove obsolete info and reduce Getinfo size and download time):
\Program Files\CA\Gateway Security\Log
\Program Files\CA\SharedComponents\ScanGateway\LOG
However, don't delete them; they might be required.

2. Enable debug logging via both the registry and icihome.ini (this will require distribution from the Manager Console).
c:\windows\icihome.ini:
ENABLE_SMTP=3 (controls the SMTP server receiving portion)
ENABLE_SMTPMail=3 (controls the SMTP server delivery portion)
Enable registry debug by setting the following values to 0:
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust\Gateway Security\9.0\Logger
 
 
 
For 8.1 version:
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust\Gateway Security\8.1\Logger

_DCollSrv_Severity
_Icismtp_Severity
_DATAPR~1_Severity
_DATABR~1_Severity
_DataBridge_Severity
 
3. Reproduce the problem so that it is reflected in the logs.
· In any SMTP case, state the SENDER and RECIPIENT names of the email in question.
· Submit examples of such emails in .msg format. Don't forward them, as important header stamping will be lost; zip the original .MSG and upload it via FTP.
Send a short description of the SMTP traffic flow and network environment, for example:
· Incoming email: Internet → Gateway Security configured as first MX → Exchange → end user
· Incoming email: Internet → ISP MX point to CAGS → FW → Gateway Security → Exchange → end user
· Outgoing: end user → Exchange → Gateway Security → FW → MTA → internet.
 
4. Run Getinfo and upload the fresh logs: upload the new Getinfo to the issue's FTP and send me the explicit FTP link with user and password!
5. When the debug session is done, you must reset the values in both the registry and icihome.ini to their default values and distribute the changes via the Manager Console in order to stop the debug logging (it degrades the server's performance).
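
Steps 2 and 5 of the HTTP and SMTP procedures above, as an added PowerShell example (not vendor-supplied code): it records the current Logger values and icihome.ini lines before switching them to debug, so that step 5 restores exactly what was there. Assumptions: PowerShell 3.0 or later, a hypothetical script name gs-debug.ps1 (run as .\gs-debug.ps1 -Mode Enable -Protocol SMTP, later .\gs-debug.ps1 -Mode Restore), the snapshot file location, and that the ENABLE_* keys already exist in icihome.ini.

```powershell
# Added example, not vendor code. Run elevated on the Gateway Security host.
param(
    [Parameter(Mandatory=$true)][ValidateSet('Enable','Restore')][string]$Mode,
    [ValidateSet('HTTP','SMTP')][string]$Protocol = 'HTTP',
    [string]$Version  = '9.0',                                    # '8.1' on 8.1 hosts
    [string]$IniPath  = 'C:\Windows\icihome.ini',
    [string]$Snapshot = "$env:ProgramData\gs-debug-snapshot.json" # assumed location
)
$key = "HKLM:\SOFTWARE\ComputerAssociates\eTrust\Gateway Security\$Version\Logger"
# Registry value names and ini keys exactly as listed in the procedures above.
$regNames = @{
    HTTP = '_DCollSrv_Severity','_Icihttp_Severity','_DATAPR~1_Severity'
    SMTP = '_DCollSrv_Severity','_Icismtp_Severity','_DATAPR~1_Severity',
           '_DATABR~1_Severity','_DataBridge_Severity'
}
$iniKeys = @{ HTTP = @('ENABLE_HTTP'); SMTP = 'ENABLE_SMTP','ENABLE_SMTPMail' }
if ($Mode -eq 'Enable') {
    if (Test-Path $Snapshot) { throw "Snapshot exists; run -Mode Restore first" }
    $regKey = Get-Item -Path $key -ErrorAction Stop
    $saved  = [ordered]@{ Key = $key; Ini = $IniPath; Registry = @(); IniLines = @() }
    foreach ($n in $regNames[$Protocol]) {
        $old = $regKey.GetValue($n)
        if ($null -eq $old) { Write-Warning "$n not present, skipped"; continue }
        $kind = $regKey.GetValueKind($n)          # keep the existing value type
        $saved.Registry += @{ Name = $n; Value = $old; Kind = "$kind" }
        Set-ItemProperty -Path $key -Name $n -Value 0 -Type $kind   # 0 = debug
    }
    $lines = Get-Content -Path $IniPath
    foreach ($k in $iniKeys[$Protocol]) {
        $hit = @($lines | Where-Object { $_ -match "^\s*$k\s*=" })
        if (-not $hit) { Write-Warning "$k not in $IniPath, add it by hand"; continue }
        $saved.IniLines += $hit[0]                # remember the original line
        $lines = $lines -replace "^\s*$k\s*=.*$", "$k=3"
    }
    Set-Content -Path $IniPath -Value $lines
    $saved | ConvertTo-Json -Depth 4 | Set-Content -Path $Snapshot
} else {
    $saved = Get-Content -Path $Snapshot -Raw | ConvertFrom-Json
    foreach ($r in $saved.Registry) {
        Set-ItemProperty -Path $saved.Key -Name $r.Name -Value $r.Value -Type $r.Kind
    }
    $lines = Get-Content -Path $saved.Ini
    foreach ($old in $saved.IniLines) {
        $k = ($old -split '=', 2)[0].Trim()
        $lines = $lines -replace "^\s*$k\s*=.*$", $old
    }
    Set-Content -Path $saved.Ini -Value $lines
    Remove-Item -Path $Snapshot                   # allow the next Enable run
}
```

After either run, distribute the settings from the Manager Console as the procedure requires.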

 

 

First Step CA Gateway Security 8.1 troubleshooting:


Please apply the following patches in the following order on the CAGS 8.1 server host.
1. Download the CAGS8.1 SE Cumulative fix 4 (RO32642.CAZ file) from
https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO32642&os=NT&actionID=3
You can extract the CAZ using the CAZIPXP utility available at https://support.ca.com/irj/portal/anonymous/kbtech?searchID=TEC325092&docid=325092&bypass=yes&fromscreen=kbresults
 
From a command line run:
cazipxp -u RO32642.CAZ
Run the self-implementer exe on the CAGS host. It will require a server reboot.
 
2. Download the CAGS8.1 SCANENGINE UPDATE - RO37593; it must be implemented on top of RO32642.
https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO37593&os=NT&actionID=3
Extract the RO37593.CAZ file with the CAZIPXP and run the self-implementer exe file then reboot the server.