search cancel

Bypass slack URLs in WSS fails when Reach Agent running on same host

book

Article ID: 203451

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

WSS Agent is enabled when a user is off the corporate network - the agent goes to passive mode when on premise.

WSS policy setup to block block certain categories including Chat/SMS.

We want to bypass slack from WSS so that Reach agent and CASB will apply the controls for slack.

We added several slack URLs including slack.com in bypass domains section of WSS. However, WSS is still intercepting the slack traffic and we are getting blocked page when we go to slack.com. 

Environment

WSSA running on client workstation

Reach agent also running on client workstation

Reach Agent is configured to Proxy requests for Slack Application into CASB gateway

Slack domains are all bypassed from WSS

Resolution

Bypass the Reach Agent gateway (gw.elastica.net) from the WSS configuration

Additional Information

WSSA did successfully bypass the Slack domains and forward the data into the reach agent. However, the reach agent was configured to proxy requests into the CASB gateway, which was not bypassed from WSS. Adding gw.elastica.net to the WSS bypass list fixed the issue. 

Attachments