Unified Agent does not go passive on IPSec

book

Article ID: 168270

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

The Unified Agent on remote clients attempts to make a connection to the Web Security Service (WSS) despite initiating from an already protected network. The Unified Agent (UA) should detect that it is on a protected network and switch to a passive state. Normally, the tunnel is only established on unprotected networks when the UA is in an active state.

Cause

This scenario only occurs when the UA does not receive any response from the WSS datacenter when the client is on a protected network.

Resolution

  • Verify that the IPSec tunnel is up and fully operational.
  • Confirm that there are no occurrences of degraded performance.
  • Check the end-user computer and confirm that the client is truly on a protected network.
  • Verify that the computer running the UA does not have multiple paths to the Internet such as wired and wireless connections simultaneously connected.