Users accessing Web Security Services (WSS) via WSS agent (WSSA)

• External / Public sites all render without issues
• Internal / Intranet sites sometimes cannot be opened via browser (Chrome mostly but some users reporting IE/Edge too)
• Problem seems to occur from one location - other locations with same workstation image not seeing issue
• Main difference with this site is that there are onPrem proxies with 10.0.0.0/8 IP addresses that should be bypassed from WSS

Proxy avoidance checks on agent sending local traffic into WSS.

Add the onPrem proxy IP addresses to the WSS bypass list to avoid any proxy avoidance checks.

PCAPs from host confirmed that CTC traffic was being sent to the internal proxy as expected

PCAPs referenced one request to 199.19.250.205 from the workstation - this is the WSS transProxy IP address only used with IPSEC (but also with proxy avoidance on WSSA)