How does the WSS Agent (WSSA) choose which data center to connect to?

The WSS Agent receives much of its configuration from the Cloud Traffic Controller (CTC), which is a Cloud SWG service endpoint.

When the agent starts up, it contacts the CTC. The CTC analyzes the user, tenant, and public IP address of the agent to determine the appropriate agent configuration. If the CTC is not able to respond, the agent uses a cached connection list and displays a warning.

Consider the following example:

• A user is remote and passive (not connected to Cloud SWG) when at an office location.
• The CTC compares the IP addresses of office locations that are configured in the portal to the IP address used by the agent.
• The location is configured in the portal to keep agents active.
• The CTC determines that the agent should be active and the user is connected to Cloud SWG.

You can configure specific behaviors for different scenarios that suit your organization's needs.

The CTC also ensures that the WSS Agent connects to the nearest Cloud SWG data center (the “primary” site) for optimal performance. For redundancy, the CTC always ensures that the agent is aware of two more backup data centers in case the primary data center becomes unavailable. The CTC determines the primary and backup data centers uniquely for each agent connection. Site selection is based on the geolocation of the IP address that the agent uses to connect to CTC.

The WSS Agent and cloud-based systems work together to constantly check for site failures. When a failure is detected, the agent automatically connects to the closest backup site. In addition, the WSS Agent seamlessly handles transient disruptions by automatically reconnecting if it temporarily disconnects from Cloud SWG. For example, the agent connection could drop for the following reasons:

• Temporary loss of the wifi connection when walking through an office building
• Network changes signaled by the operating system, such as when another VPN client makes a connection
• System sleep/wake cycles

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/cloud-swg/help/conn-about-wssa.html