ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Unified Agent does not go passive on IPSec


Article ID: 168270


Updated On:


Web Security Service - WSS


The Unified Agent on remote clients attempts to make a connection to the Web Security Service (WSS) despite initiating from an already protected network. The Unified Agent (UA) should detect that it is on a protected network and switch to a passive state. Normally, the tunnel is only established on unprotected networks when the UA is in an active state.


This scenario only occurs when the UA does not receive any response from the WSS datacenter when the client is on a protected network.


  • Verify that the IPSec tunnel is up and fully operational.
  • Confirm that there are no occurrences of degraded performance.
  • Check the end-user computer and confirm that the client is truly on a protected network.
  • Verify that the computer running the UA does not have multiple paths to the Internet such as wired and wireless connections simultaneously connected.