IP Surrogate:

• Allows the Cloud SWG POP to cache the authenticated IP for as long it is set under the "Auth refresh frequency" (if 6 months, then it will cache for 6 months before it challenge again)
• Note: if the connected users changes the IP address when he is moving around the office or if it is a dynamic DHCP instead of static IP, then this will cause inaccurate results to the Cloud SWG reporting based on IP address and username details. Imaging if "userA authenticated as IP-A, and then later userB got the IP-A after userA offline, and UserB will be seen accessing to internet via Cloud SWG VPN as userA instead"

Cookie Surrogate:

• Allows Cloud SWG POP to cache the cookie surrogate and as long as the user is using the same machine and login to access to the internet via Cloud SWG VPN, there will be no further authentication challenge following the "Auth refresh frequency" that is set on the portal.
• Note: users will be asked for credentials again if the Cloud SWG VPN changes Data pod.