Verify WSS Connectivity for a CASB-Only tenant using Proxy Chaining

book

Article ID: 221061

calendar_today

Updated On:

Products

CASB Gateway

Issue/Introduction

Testing WSS accessibility in an agentless CASB-Only deployment would help Admins and support to gather more information about the session, WSS offers a way to do that using a dedicated URL (pod.threatpulse.com)  but it needs some configuration change on the environment, this article goes through the details on how do it.

 

Cause

The agentless deployment relies on the pre-defined domains shared by Cloudsoc, pod.threatpulse.com is not one of them, for this reason, the requests to an undefined domain get blocked since it is not part of the domain-of-interest list.

Environment

  • WSS CASB-Only tenants (lite)
  • Proxy chaining deployment (agentless)
  • Endpoints does not have an agent installed

Resolution

1- Add the WSS testing url's to the proxy forwarding lists

The general guidance on how to configure the proxy chaining for WSS CASB-Only is listed (here)

Add "pod.threatpulse.com" to the domains of interest in the forwarding condition - custom condition name in the KB article is: "CloudSOC_Forward_List" - 

2- Define a new custom gatelet with the WSS testing url's

Log in to Cloudsoc admin console

Define a new custom gatelet (Store > Gatelets > Custom Apps > click on "Create Custom Apps")

Give the custom gatelet any name

Add "pod.threatpulse.com" as a domain for the newly created custom gatelet

Click "Save and Activate"

Allow 5-10 minutes for the auto-sync between Cloudsoc and WSS to take place

3- Test the result on an endpoint

on an agentless endpoint, browse to https://pod.threatpulse.com or http://threatpulse.com 

the expected result is to get a response from WSS saying that "You are Protected!" with the details of the connection (Pod, IP's ..etc)

Additional Information

This solution assumes that the custom gatelet license is purchased and valid.