Singapore WSS data center recently went through maintenance window
Users accessing WSS with SEP WTR access method
Users logged into on premise VDI hosts and accessing internet via same egress IP address
Many users having no issues, yet some issues report that they cannot get to sites
When problem happens, browser reports 'unable to connect' to site messages
DNS response for sep-wtr.threatpulse.net returning VIP for GSGRS1 (valid IP address for explicit traffic) and GSGSR11 (valid IP address for WSSA traffic, but cannot handle explicit requests!)
SEP WTR users resolving sep-wtr.threatpulse.net to GSGRS11 VIP would fail
Changed Akamai GEO DNS service so that DNS requests for sep-wtr.threatpulse.net in region only returns the GSGRS1 VIP.
Users do not need to do anything as change picked up automatically.
WSS had seperate clusters for IPSEC/Explicit and WSSA traffic. The WSSA traffic is handled by clusters that only access TCP/UDP 443 requests and drops requests for any other protocols.