Users are unable to browse the internet using explicit access methods including Proxy forwarding and SEP-WTR
book
Article ID: 189049
calendar_today
Updated On:
Products
Cloud Secure Web Gateway - Cloud SWG
Issue/Introduction
Users are unable to browse the internet via WSS when in explicit mode (explicit, proxy forwarding or SEP WTR access methods) Users get 'page not found error' Users get connectivity error in browser accessing traffic via WSS Disabling explicit mode and going to internet directly works fine Modifying workstation PAC file to point specifically at the local data center VIP (versus proxy.threatpulse.net) works fine
Cause
Firewall not allowing traffic to TCP 8080 to new GCP data center IP address referenced via proxy.threatpulse.net.
Resolution
Make sure that local firewall allows TCP 8080 traffic to the IP address ranges defined in the following two KB articles
With the GCP data center roleout, the IP address ranges for explicit and Unified-Agent/WSS agent may have changed. It is imperitive that corresponding firewall rules are changed to allow traffic to these new GCP IP addresses.