search cancel

All traffic from non-interactive-user blocked and cannot change this policy behaviour from Management Center/UPE


Article ID: 215706


Updated On:


Cloud Secure Web Gateway - Cloud SWG


SEP WTR enabled as access method into WSS

WSS managed using Management Center/UPE and not WSS Portal

WSS tenant Administrator observed huge number of policy denied events and the majority of it is from non-interactive-user.

Within UPE configuration, administrator only allows the traffic from domain users. Anything that is not a domain user will be denied by default - hence non-interactive-user is denied.

How does one can create a policy and allow the non-interactive user object in UPE?



Management center used to configure WSS

Users accessing WSS using SEP WTR clients

Can also apply to WSS agent clients


WSS policy rule only allowing access to objects for explicitly defined users and the non-interactive-user was not one of these allowed users. 


Create a new 'non-interactive-user' within local authentication realm (IWA on-box) and create a corresponding rule to allow this user access to certain domains.

Here is how WSS Transformed the rule when completed:

define condition __USER1
  user="non-interactive-user" ; Gestures transformed ; realm=NCNET ->   
end condition __USER1

condition=__USER1 Allow