CrowdStrike Falcon Agent connection failures integrated with WSS Agent

Article ID: 175726

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

The CrowdStrike Falcon Agent fails to establish SSL connections, or is unable to connect to a socket at a specific IP address, when WSS Agent is enabled.

Windows event logs show that the Falcon Agent SSL connection failed or that it could not connect to a socket at some IP address.

Environment

Cloud SWG (formerly known as WSS) WSS Agent

Resolution

1. Make sure that the corresponding cipher suites are enabled and added to the host's Transport Layer Security (TLS) protocol configuration.

2. Add these CrowdStrike URLs used by the Falcon Agent to the SSL interception exemption list:

  • falcon.crowdstrike.com
  • crowdstrike.com
  • cloudsink.net
  • ts01-b.cloudsink.net
  • lfodown01-b.cloudsink.net

In your Cloud SWG portal, go to Policy > TLS/SSL Interception > TLS/SSL Interception Policy > Add Rule, set the above-mentioned domains to 'Do Not Intercept', and activate the policy.

Note: If you are using Universal Policy Enforcement (UPE), go to your VPM - SSL Intercept Layer and add these domains to the Do Not Intercept domain list.
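To confirm from an endpoint that the exemption is in effect, you can check who issued the certificate the Falcon hosts present while WSS Agent is running. The following is an added example, not part of the original article or of any vendor tooling. It assumes that the sensor hosts answer on port 443, that the interception CA is installed in the host's trust store, and that you pass a string from your own interception CA's name as the argument.

```python
import socket
import ssl
import sys

# Hosts taken from the exemption list above; port 443 is an assumption.
FALCON_HOSTS = ["ts01-b.cloudsink.net", "lfodown01-b.cloudsink.net"]


def issuer_fields(cert):
    """Flatten the issuer RDNs from ssl.getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def classify(cert, ca_marker):
    """Compare the issuer with the interception CA name (ca_marker)."""
    fields = issuer_fields(cert)
    if not fields:
        return "unknown"
    issuer_text = " ".join(fields.values()).lower()
    return "intercepted" if ca_marker.lower() in issuer_text else "not intercepted"


def fetch_cert(host, port=443, timeout=5):
    """Return the validated leaf certificate that host presents to this machine."""
    ctx = ssl.create_default_context()  # validates against the OS trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def audit(hosts, ca_marker, fetch=fetch_cert):
    """Map each host to 'intercepted', 'not intercepted', 'unknown' or an error."""
    results = {}
    for host in hosts:
        try:
            results[host] = classify(fetch(host), ca_marker)
        except OSError as exc:  # covers ssl.SSLError, timeouts, refused connections
            results[host] = f"error: {exc}"
    return results


if __name__ == "__main__":
    # argv[1]: a string from your interception CA's subject (site-specific).
    if len(sys.argv) != 2:
        sys.exit("usage: check_intercept.py <interception-CA-name>")
    for host, verdict in audit(FALCON_HOSTS, sys.argv[1]).items():
        print(f"{host:28} {verdict}")
```

A verdict of `intercepted` after the policy has been activated means the 'Do Not Intercept' rule is not yet matching that host. An `error:` verdict means the connection or certificate validation failed on this machine and needs to be looked at separately.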