Failover behavior of the Unified Agent if the current connected data pod goes down


Article ID: 167654


Updated On:


Web Security Service - WSS


How Unified Agent (UA) fails over to a different data pod or data center in the event of an outage while connecting to the Web Security Service (WSS)?


Unified Agent

Web Security Service


If a data pod that the UA is connected to goes down, the load balancer automatically sends the agent to another available pod when there are multiple pods at that data center. Otherwise, if the data center is a single pod site (or has no load balancer), then DNS automatically resolves over to another data center within two minutes. This time is not configurable.

Additionally, UA always fetches a list of the three closest data centers from the Cloud Traffic Controller (CTC), to which it will establish connections to the service. This is shown in its diagnostics files as follows:

<16>[12-05-2017 08:10:23 (UTC-5:00)]: Tunnel#91(my-username) Connected: CC:, Nat IP: 10.240.x.x
<16>[12-05-2017 08:10:22 (UTC-5:00)]: CA Tunnel#91(my-username) connecting to
<16>[12-05-2017 08:10:21 (UTC-5:00)]: CTC: ACTIVE(GEOIP)  DC5-  MI2-  NY2-  
<16>[12-05-2017 08:10:21 (UTC-5:00)]: Connection to WSS successful
<16>[12-05-2017 08:10:21 (UTC-5:00)]: Tunnel#90(non-interactive-user) Connected: CC:, Nat IP: 10.240.x.x
<16>[12-05-2017 08:10:21 (UTC-5:00)]: CA Tunnel#90: status:SUCCESS-authorized, IP bypass count: X, Domain bypass count: Y


The following KB shows if a data center has multiple data pods, or only a single data pod:

WSS data center IP addresses