Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Migrate from WPS to WPS2 (ePO-managed SCP Agent and Policy)

  1. Last updated
  2. Save as PDF

Verification

Check Accounts

Make sure that your Skyhigh Security accounts are working as expected and check that your ePO Cloud accounts were successfully migrated to Skyhigh Security Cloud. 

  1. Log on to Skyhigh Security Cloud (https://auth.ui.trellix.com)
    Use your email ID and password (the same account credentials as the administrator for ePO Cloud).
  2. Confirm if the logon was successful or if you receive an error message for a failed logon attempt.

If any needed account is not working, contact Skyhigh Security Support

Check the Customer ID

Verify that the Customer ID remains the same:

  1. Log on to ePO Cloud.
  2. Go to MenuWeb ProtectionGetting Started.
  3. Make a note of the Customer ID.
  4. Log on to Skyhigh Security Cloud.
  5. Go to Settings > Infrastructure > Client Proxy Management.
  6. Click Global ConfigurationTenant Authentication.
  7. Compare if the displayed Customer ID matches the one in ePO Cloud. If not, contact Skyhigh Security Support.

Verify Data

Verify that data from ePO Cloud is available in Skyhigh Security Cloud:

  1. Log on to Skyhigh Security Cloud.
  2. Go to Dashboards > Web Dashboard
    The predefined Dashboard Cards usually show data from the past seven days. For details, see About the Web Dashboard. If the data is missing or the displayed data is incorrect, open a Service Request.
    NOTE: You'll need to recreate custom reports using the reporting and analytics features within Skyhigh Security Cloud.
  3. Check all the web traffic logs at Analytics > Web > Web Traffic. 
    If the data is missing or the displayed data is incorrect, contact Skyhigh Security Support.

Update Data Residency and Log Privacy

Review ePO Cloud Settings

  1. Log on to ePO Cloud.
  2. Click Policy > Web Policy, select Settings, and select Data Residency Settings.
  3. Note the Data Residency configuration.
  4. Select Log Privacy Settings.
  5. Note the fields that are concealed.

Update Skyhigh Security Cloud Settings

  1. Log on to Skyhigh Security Cloud.
  2. Go to Infrastructure > Web Gateway Setup.
  3. Edit Log Data Residency and configure it in the same way as it was configured in Trellix ePO Cloud.
  4.  For Log Privacy Settings, select the same fields to be concealed as in Trellix ePO Cloud.

Update SCP Configuration

Transfer SCP Credentials from ePO Cloud to Skyhigh

Export SCP credentials from Trellix ePO Cloud to Skyhigh Security Cloud, so the SCP clients can use the same credentials to connect to the cloud service. 

  1. Log on to Trellix ePO Cloud.
  2. Go to Policy Catalog > Select the product as "Skyhigh Client Proxy" and the category as "SCP Policy".
  3. Select and open any active policy.
  4. Under Client Proxy Settings, select Client Configuration.
  5. Click Export Customer Credentials > OK.

Edit the Credentials XML

  1. Download the file ePOExportPassword.xml and open it in a text editor.
  2. Scroll towards the end (Extreme Right) before closing the </SCPCredentials> tag
  3. Place (paste) the following information just before the </SCPCredentials> tag:

<KeepDomainName>true</KeepDomainName>

Place the line between the </CustomerID> and </SCPCredentials> tags. This is an additional option that is required that ePO Cloud did not support.

  1. Save the ePOExportPassword.xml file

Import SCP Credentials into Skyhigh

  1. Log on to Skyhigh Security Cloud.
  2. Click the Settings > Infrastructure > Client Proxy Management.
  3. Go to Global Configuration > Tenant Authentication.
  4. Click Actions > Import Credentials, then browse to the modified ePO ExportPassword.xml file.

    Be sure to have completed all the configuration steps described on this documentation page so far, then refresh the user interface page. You will see an Import button appear on that page. Click this button, then click Save to save the configuration.
  5. Publish the configuration by clicking the yellow Publish badge at the top right corner.

Edit and Review SCP Authentication on SWG (only if in use)

If in use, review the SWG On-Prem Authentication settings. If in use, they should remain the same: no action is required.

If you need to enable authentication and don’t know the SharedSecret you’ve set previously, you can import your credentials to SWG using EsportPassword.xml.

  1. Log on to the SWG appliance.
  2. Go to Policy > Settings > Authentication and select your SCP Authentication setting.
  3. Open ExportPassword.xml with any editor, identify the SharedPassword and copy it:
<SharedPassword>qCB+g204N9ycf7Jb62ALpQ==</SharedPassword>
  1. Click Shared password > Change and enter the shared password value from ExportPassword.xml.
  2. Click OK
  3. Click Save.

SCP Policy - Configure New Proxy Name

Change the name of the proxy server in the ePO on-prem SCP policy.

  1. Log on to Trellix ePO on-prem.
  2. Select Policy Catalog > Skyhigh Client Proxy.
  3. Select the active policy > Edit the Policy
  4. Under Client Proxy Settings > Proxy Servers, Rename the Proxy Address:
    • from c(Customer ID).saasprotection.com
    • to c(Customer ID).hybrid.skyhigh.cloud
      IMPORTANT: c(Customer ID).hybrid.skyhigh.cloud will direct traffic directly to a hybrid proxy which will process the hybrid policy uploaded from the on-prem appliance. This DNS name is only used with SCP policy and may not be used by customers who are using a SKU other than WPS2. All other SKUs must point to SSE proxies first to utilize SSE policy configured within the Skyhigh Security Cloud UI.
  5. Save the change

NOTE: All ePO-managed endpoints will receive the policy update on the next policy push.

Review 

Edit and Review the Hybrid Policy Sync Status on SWG

Review the SWG Hybrid Policy Sync Status. No changes are required as the accounts are not changed. 

  1. Log on to the SWG appliance.
  2. Go to Configuration > Cluster > Web Hybrid.
  3. In Cloud Access, replace  https://msg.mcafeesaas.com:443 with https://policysync.skyhigh.cloud:443.
  4. Click Save

Now verify the synchronization:

  1. Go to Troubleshooting > Synchronization.
  2. Click Synchronize and wait for the message to appear.

NOTE: If the “Policy Synchronization successfully performed!” message appears, then Secure Web Gateway is working as expected.

Review the Web Hybrid Policy Sync Status on Skyhigh

  1. Log on to (https://auth.ui.trellix.com).
  2. Go to Dashboards > Web Dashboard.
  3. If the policy synchronization has been successful, the Web Hybrid Policy Sync Status is indicated by a green dot at the top of the Dashboards > Web Dashboards page.

NOTE: If the status of Hybrid Sync is anything else than green, contact Skyhigh Security Support.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.