Cloud Traffic controller (CTC) signals the WSS Agent (WSSA) to remain in an ACTIVE mode when coming from a known network location, registered under the Cloud portal.
WSS Agent attempts to establish a connection to the Cloud Traffic Controller (CTC): ctc.threatpulse.com, which it must do to determine whether it is on a protected network. When WSS Agent detects that it is on a protected network, it goes into PASSIVE mode automatically.
If the WSS Agent remains ACTIVE, there could be multiple reasons for this behavior:
IMPORTANT: Please make sure that you are running the most current version of the WSSA client (version 8.1.1 or later) because older versions of the WSSA client (versions 6.x and 7.x) had bugs related to this issue.
=====
WSS Agent 7.5.1
Resolved an issue where network change events caused the passive or active status to not be correct.
=====
WSS Agent 7.4.2
Resolved an issue where WSS Agent would not remain in passive mode on known locations if network change events occurred.
README: WSS Agent Release Notes
=====
If you must use PAC file to force WSS Agent into Passive and are sending CTC requests through a proxy/PAC file whether it is a full-tunnel or split-tunnel mode.
a Cloud SWG administrator can log in to the Cloud management Portal and take the following steps:
Note: These steps will force a Cloud SWG portal configuration update to our Cloud SWG Cloud Traffic Controller (CTC)
If the issue still persists, gather a WSS Agent diagnostics using SymDiag for the respective Operating System while reproducing the issue:
If you have a current Support Case for this issue, attach the .sdbz file to the support case using Symdiag or save the .sdbz file locally. Exit SymDiag and send the file to your Support Contact.