search cancel

WSS Agent users not connecting to nearest available WSS Data Center


Article ID: 238032


Updated On:


Web Security Service - WSS


Users are accessing WSS via WSS Agent.

Most users accessing nearest physical data center based on user location.

Some users running WSS Agent are being sent to a data center that is in a different country. Reviewing the WSS Agent logs we can see that the agents are directed to this datacenter by the CTC response.

Users may GEO locate to wrong country as a result of this.


Client Firewall Service (CFS) license enabled on the WSS tenant.

With CFS license, users are sent to nearest data centre where CFS services are available.


WSS Agent is used to access WSS and Client Firewall Service is enabled on WSS tenant.


A few options exist to address the issue:

1. remove the CFS license in our case (we had a trial license of CFS that had been added but was not being used). This will go back to default behaviour where CTC responds with nearest physical data center for user.

2. Manually override the CTC response on the problem users as per KB200262 - can be implemented via a GPO policy. When this workaround is used, any CFS policies tied to user or host will not apply.

Broadcom is currently working to deploy CFS services to all our data centers and the above issues will no longer be visible for WSS Agent users on tenants with CFS licenses.