Web Isolation is blocking the domain being used even when the domain has been added as a Trusted Destination in the Cloud SWG (WSS) portal.  

Cloud SWG

Web Isolation

Web Isolation is set up with a policy to block and isolate suspicious websites. For example, a policy is set up to block domains with a risk classification rating of 5 - 10. The domain being accessed has a risk level of 10 and Web Isolation is isolating and blocking the domain. This will occur before the domain reaches Cloud SWG and, as a result, any of the rules listed under Trusted Destinations will not be applied.

In addition to adding a domain to Trusted Destinations, the domain needs to be added to a policy under Web Isolation that is set to "Do not Isolate". This rule will tell Web Isolation to not isolate or block the domain and, as a result, the domain will reach Cloud SWG and will be evaluated under the policies listed in its configuration, including the Trusted Destinations.

To create a rule to exempt a domain from Web Isolation:

From within the Cloud SWG portal:

1. Navigate to Policy > Web Isolation
2. Select Add Rule
3. Add the destination domain
4. Set to Do not Isolate
5. Click Add
6. Click Activate Policy