search cancel

Some websites are not blocked when using the WSS Agent

book

Article ID: 173331

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Some sites that should be blocked by policy are not being blocked when using the WSS Agent (WSSA), and the sites are being accessed with IPv6.

Cause

This could be caused by connections to websites via IPv6, which the Web Security Service (WSS) does not monitor.

When visiting test.threatpulse.com, it shows "Protected" because that connection is via IPv4.

Resolution

You can block IPv6 traffic through WSSA by following the steps below (which will block DNS requests for IPv6 domains), forcing the connection to IPv4 when supported by the content server: 

  1. Log into your WSS Portal
  2. Navigate to Connectivity > WSS Agent
  3. Make sure that the following checkbox is cleared (disabled): "Allow IPv6 traffic"