Users experiencing intermittent connectivity issues accessing internet via WSS Singapore (GSGRS1) site using SEP WTR


Article ID: 210387


Updated On:


Web Security Service - WSS


Singapore WSS data center recently went through maintenance window

Users accessing WSS with SEP WTR access method

Users logged into on premise VDI hosts and accessing internet via same egress IP address

Many users having no issues, yet some issues report that  they cannot get to sites

When problem happens, browser reports 'unable to connect' to site messages



DNS response for returning VIP for GSGRS1 (valid IP address for explicit traffic) and GSGSR11 (valid IP address for WSSA traffic, but cannot handle explicit requests!)

SEP WTR users resolving to GSGRS11 VIP would fail 


Changed Akamai GEO DNS service so that DNS requests for in region only returns the GSGRS1 VIP.

Users do not need to do anything as change picked up automatically.

Additional Information

WSS had seperate clusters for IPSEC/Explicit and WSSA traffic. The WSSA traffic is handled by clusters that only access TCP/UDP 443 requests and drops requests for any other protocols.