Report logs shows Allowed for blocked categories
search cancel

Report logs shows Allowed for blocked categories


Article ID: 172305


Updated On:


Cloud Secure Web Gateway - Cloud SWG


In the report logs, a category which is supposed to be blocked is 'Allowed' with the scheme as 'tcp ://'



In the report logs, if you could see the allowed requests are with 'tcp://' scheme. These are the initial TCP hand-shake request that hits the proxy when the user tries to access any HTTPS site. The proxy will detect the protocol and then pass the request to SSL proxy (ssl:// scheme) and once SSL interception is completed you will see https://

The tcp:// requests will be 'Allowed' to always complete protocol detection and SSL interception. At this stage (tcp://), the proxy is not sending the request out to the internet. It is only trying to detect the underlying protocol and complete the interception.