search cancel

Users getting 'You are not protected' message accessing https://pod.threatpulse.com

book

Article ID: 189802

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Users accessing WSS using Explicit Access method, but accessing https://pod.threatpulse.com from a browser indicates that the user is not protected.

Accessing http://pod.threatpulse.com from the same browser shows the user is protected as well as the data center/pod the user is connected to

Environment

All Access methods including Explicit/Proxy Forwarding/SEP WTR, UA/WSSA/SEP Mobile or IPSEC

TLS/SSL inspection disabled for many domains including pod.threatpulse.com

Cause

The pod.threatpulse.com back end Web server needs to get some information from the WSS Proxy in order to return the protection level and pod details.

With TLS/SSL inspection disabled, the additional information (added by the proxy in the form of http header fields) is missing so the pod.threatpulse.com processing cannot identify if / which pod is used.

Resolution

  1. If you use http://pod.threatpulse.com to check whether you are being protected the result is always going to be accurate
  2. Make sure that TLS/SSL inspection is enabled for pod.threatpulse.com domain when using https to check protection status