WSSA CASB Only agent sending more than CASB gatelet traffic into WSS


Article ID: 209039


Updated On:


Web Security Service - WSS


Reach agent replaces with WSSA

CASB gatelets enabled with policies for specific users

CASB policies work fine but WSS logs showing that more than just CASB gatelet traffic is proxied into WSS



Traffic destined for on premise proxy is being intercepted by WSSA agent and sent into WSS


Windows client with WSSA 7.2.1 installed

CASB with a number of gatelets including O365, Google and Slack 


If the option to disable the on premise proxy exists, disable it and only traffic destined for CASB will go into WSS.

If the option to disable the on premise proxy does not exist, please contact Broadcom WSS support to get build with a fix. This fix will eventually be included in the WSSA 7.3.1 build slated for March 2021.