Send Signal to Reconnect WSS Agent
search cancel

Send Signal to Reconnect WSS Agent


Article ID: 226831


Updated On:


Cloud Secure Web Gateway - Cloud SWG


A programmatic method to restart WSS Agent (WSSA) connections on clients.

How do I configure a "programmatic reconnect" in my VPN client (to force a reconnect of the WSS Agent)?

As described in About the WSS Agent UI, end users can open the Agent Interface and attempt to Reconnect the WSS Agent. 


  • Web Security Service
  • WSS Agent
  • Third-party VPN provider


Rare occurrences might prevent the WSS Agent from automatically detecting a network change. If there is a predictable case where network changes are not detected such as:

  • PAC URL fails to load.
  • Third-party VPN client does not push route changes to the OS. 
  • The reconnect button in the WSS Agent UI has been disabled by using the allowUserDisable option.

The third-party VPN can be configured to send a signal to trigger a WSS Agent reconnection.


If the third-party VPN client does not push route changes to the Operating System (OS) automatically when connecting/disconnecting via the Operating System's APIs.

Another option is to use the third-party's VPN onConnect and onDisconnect scripts. Make sure to consult the vendor's documentation to see if it is supported.


As Administrator, use the Windows wssad application to send the signal.

sc control wssad 161


The command for macOS clients depends on the version.

Kext Version of  WSS Agent (Catalina and previous):
sudo killall -SIGUSR1 wssad
The network extension version of WSS Agent (Big Sur+):
sudo killall -SIGUSR1
Note: For macOS clients, only WSS Agent 6.1.1+ supports the remote trigger process.