Unable to load intranet sites on browsers when WSS Agent enabled

book

Article ID: 206546

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Users accessing Web Security Services (WSS) via WSS agent (WSSA)

  • External / Public sites all render without issues
  • Internal / Intranet sites sometimes cannot be opened via browser (Chrome mostly but some users reporting IE/Edge too)
  • Problem seems to occur from one location - other locations with same workstation image not seeing issue
  • Main difference with this site is that there are onPrem proxies with 10.0.0.0/8 IP addresses that should be bypassed from WSS

Cause

Proxy avoidance checks on agent sending local traffic into WSS

 

Environment

WSSA agent 7.1.1/7.2.1 impacted

Resolution

Add the onPrem proxy IP addresses to the WSS bypass list to avoid any proxy avoidance checks

Additional Information

PCAPs from host confirmed that CTC traffic was being sent to the internal proxy as expected

PCAPs referenced one request to 199.19.250.205 from the workstation - this is the WSS transProxy IP address only used with IPSEC (but also with proxy avoidance on WSSA)

Attachments