When browsing out to sites after upgrading from SGOS 5.4.x to SGOS 5.5 or 6.1.1.x, users are denied access to web resources.
The default policy on the proxy is deny
ICAP feedback is enabled (trickling and patience page)
When the problem happens, the web authentication layer is not the first layer in Visual Policy Manager
The problem does not occur when the web authentication layer is the first layer in Visual Policy Manager
In a policy trace, the allow condition shows up as a n/a because the user has not been identified.