WSSA CASB Only agent sending more than CASB gatelet traffic into WSS

book

Article ID: 209039

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Reach agent replaces with WSSA

CASB gatelets enabled with policies for specific users

CASB policies work fine but WSS logs showing that more than just CASB gatelet traffic is proxied into WSS

 

Cause

Traffic destined for on premise proxy is being intercepted by WSSA agent and sent into WSS

Environment

Windows client with WSSA 7.2.1 installed

CASB with a number of gatelets including O365, Google and Slack 

Resolution

If the option to disable the on premise proxy exists, disable it and only traffic destined for CASB will go into WSS.

If the option to disable the on premise proxy does not exist, please contact Broadcom WSS support to get build with a fix. This fix will eventually be included in the WSSA 7.3.1 build slated for March 2021.