search cancel

Network Traffic Redirection Failed to Authenticate


Article ID: 224497


Updated On:


Web Security Service - WSS


You have an issue with some of the clients using the SEP/SES agent with SEP NTR status showing:

"Network Traffic Redirection Failed to Authenticate. Wait while the client tries to reconnect"

- There is no internet connectivity

- Pac File mode / redirect

- Disabling / Re-enabling NTR does not help / Symantec Endpoint Protection Local Proxy service is running




The request for was attempting to be send directly. It needs to be send to WSS or else authentication will fail. 

The customer had bypassed the IP behind the hostname by adding it to their 'Bypassed Traffic' section in WSS portal, so SEP WTR was trying to route the request directly. 


Ensure that the hostname or the IP is not bypassed from WSS. 

The seamless identification involves the process of identifying the endpoint organization and negotiating a session key to encrypt an authorization token for each requests sent to WSS. This process is done seamlessly between the agent and secure gateway handling the web-traffic over the WSS ingress data-path. As such, you need to ensure that the client-id url is not bypassing WSS.

URL IP Port(s) Purpose 443 Seamless Identification

Additional Information

Best practices for Endpoint Protection and Web Security Services integration

How to collect Verbose WPP logs for Endpoint Protection with the SymDiag Utility