search cancel

Verify WSS Connectivity for a CASB-Only tenant using Proxy Chaining


Article ID: 221061


Updated On:


CASB Gateway


Testing WSS accessibility in an agentless CASB-Only deployment would help Admins and support to gather more information about the session, WSS offers a way to do that using a dedicated URL (  but it needs some configuration change on the environment, this article goes through the details on how do it.



The agentless deployment relies on the pre-defined domains shared by Cloudsoc, is not one of them, for this reason, the requests to an undefined domain get blocked since it is not part of the domain-of-interest list.


  • WSS CASB-Only tenants (lite)
  • Proxy chaining deployment (agentless)
  • Endpoints does not have an agent installed


1- Add the WSS testing url's to the proxy forwarding lists

The general guidance on how to configure the proxy chaining for WSS CASB-Only is listed (here)

Add "" to the domains of interest in the forwarding condition - custom condition name in the KB article is: "CloudSOC_Forward_List" - 

2- Define a new custom gatelet with the WSS testing url's

Log in to Cloudsoc admin console

Define a new custom gatelet (Store > Gatelets > Custom Apps > click on "Create Custom Apps")

Give the custom gatelet any name

Add "" as a domain for the newly created custom gatelet

Click "Save and Activate"

Allow 5-10 minutes for the auto-sync between Cloudsoc and WSS to take place

3- Test the result on an endpoint

on an agentless endpoint, browse to or 

the expected result is to get a response from WSS saying that "You are Protected!" with the details of the connection (Pod, IP's ..etc)

Additional Information

This solution assumes that the custom gatelet license is purchased and valid.