CPL policy configuration for WSS Agent in UPE

Article ID: 230936

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

When Cloud SWG Policy Management is set to "Cloud SWG Portal", you can set up rules (on the portal) that use WSS Agent as a source.

When Cloud SWG Policy Management is set to "Management Center" (also known as Universal Policy Enforcement / UPE), the option to set up rules that use WSS Agent as a source is not available.

To set up rules that use WSS Agent as a source in that case, use the CPL code below.

Resolution

This CPL entry matches WSS Agent traffic:

client.location.access_type=client_connector

A sample policy that denies a URL/domain only for WSS Agents looks like this:

<proxy>
url.domain=example.com client.location.access_type=client_connector deny

Then, to check the Cloud SWG Portal Reports for WSS Agent traffic, filter on Agent Type.

In the example below, the first entry is for access from an IPSec location and the second is from WSS Agent: