RFC1918 address shown as WSS agent egress IP
search cancel

RFC1918 address shown as WSS agent egress IP


Article ID: 220206


Updated On:


Cloud Secure Web Gateway - Cloud SWG


WSS Service accessed from users running WSS agent (although issue visible with all access methods)

Some (not all) users reporting issues with reported egress IP addresses 

Web Servers accessed via WSS reporting XFF (X-Forwarded-For) headers reporting RFC1918 IP addresses and not users public egress IP address

WSS HTTP logs and forensic logs also reporting user IP address as RFC1918 IP address

Only subset of requests from the same user seem to log the RFC1918 IP address


All access methods



Policy execution triggers update of customer egress IP address to an internal WSS IP address

Code change needed to address this


WSS was patched with a fix to this issue July 6-9 2021. No longer visible after these dates.

Additional Information

Whenever traffic is tunneled on the WSS Proxy (TRUE for Financial websites as an example), the traffic ends up with a WSS NAT'd IP address when policy is finished executing.
Policy evaluated is resetting the connection parameters (including users real-ip among others) causing us to include the RFC1918 NATed IP address
Solution does not clear the "real" ip address under the above conditions when evaluating a policy.