WSS Service accessed from users running WSS agent (although issue visible with all access methods)
Some (not all) users reporting issues with reported egress IP addresses
Web Servers accessed via WSS reporting XFF (X-Forwarded-For) headers reporting RFC1918 IP addresses and not users public egress IP address
WSS HTTP logs and forensic logs also reporting user IP address as RFC1918 IP address
Only subset of requests from the same user seem to log the RFC1918 IP address
All access methods
Policy execution triggers update of customer egress IP address to an internal WSS IP address
Code change needed to address this
WSS was patched with a fix to this issue July 6-9 2021. No longer visible after these dates.
Whenever traffic is tunneled on the WSS Proxy (TRUE for Financial websites as an example), the traffic ends up with a WSS NAT'd IP address when policy is finished executing.
Policy evaluated is resetting the connection parameters (including users real-ip among others) causing us to include the RFC1918 NATed IP address
Solution does not clear the "real" ip address under the above conditions when evaluating a policy.