search cancel

Cloud Connect Defense and WSS integration FAQs


Article ID: 174519


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Frequently asked questions about Cloud Connect Defense and WSS integration.


  1. What are the features that the CCD-WSS integration provides?
    On Windows 10 devices, the user downloads CCD client from the Microsoft Store. The CCD-WSS integration provides a continuous secure connection to the Web Security Service so that CCD can provide advanced security features, such as content filtering and threat protection for all the network communication. Currently, no exclusions are supported.
  2. Which platforms does the CCD client support?
    You can refer to the following topic to find out all the supported platforms:
    See Supported devices, operating systems, and browsers for Cloud Connect Defense
  3. How does the CCD client work?
    Before a device connects to your network, the CCD client performs network integrity checks on the device. If CCD detects any suspicious activities, CCD warns the user of the activity. If the VPN fails to establish a connection, then the user is disconnected from the network.
  4. In which cases does the device not establish a secure connection with the organization's network?
    If the device is connected to a known location (as defined in the WSS settings) then the client does not establish a secure connection and CCD sends the user a notification.
  5. How do you test whether a secure connection is provided by the Web Security Service?
    After the secure connection is established, open a browser and enter, the page should say "You are Protected" Otherwise, it would say "You are not Protected". Click on more to show more details about the connection.
  6. What happens to a secure connection when the device sleeps, hibernates, or restarts?
    The secure connection is reconnected if it gets disconnected even when the device gets back from sleep or hibernation. The connection takes 15 minutes to come up after the device is restarted.
  7. Which ports are required on the firewall for the secure connection to function correctly?
    You must open 80/443, UDP 500 (ISAKMP) and UDP 4500 (if the firewall is behind a NAT).
  8. Can I have both the CCD client and the unified agent installed on the same device?
    No. You cannot install the unified agent and the CCD client on the same device.
  9. Can I have both the CCD client with WSS and SEP with WSS integration installed on the same device?
    Yes. However, the SEP firewall should be pre-configured to allow ports: 80/TCP, 443/TCP, 50/UDP, 500/UDP, 4500/UDP 
  10. How do I troubleshoot a "VPN connection cannot be established" error?

    You can try the following solutions:

  • Check for network connectivity.
  • Check whether the firewall is blocking ports.
  • Check whether the corporate network is preventing connections.
  1. When does the CCD Network Integrity policy apply to a device?
    When you switch between different networks, the CCD client performs a Network Integrity check and then tries to establish a secure connection. After the connection is established, no more checks are performed until the client detects a network change.