search cancel

How WSS Agent finds data pods to connect?


Article ID: 238326


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Questions regarding WSS Agent sovereignty and connectivity to WSS cloud Data centers(DC)/Data pods(DP). 

  • How WSS Agent selects DPs? 
  • Does WSS ensure connectivity to local DC? and Does it do cross geo-location data transfer?
  • Specifying that a user from country A will not be connected to Country B Data center and if so how WSS Agent/WSS/Data center handles it? 



Web Security Service
WSS Agent


WSS Agent is directed to the nearest DC by the Client Traffic Controller (CTC) based on the geo-location of the end user's public egress IP address.  The WSS Agent initiates a connection over port 443 to CTC, which returns availability from up to three geographical data centers following compliance regulations such as GDPR. It tries to connect (create an OpenVPN tunnel) to the closest DC first and if that fails, for both UDP and TCP, it will move on to the second DC. 

For example, users from any country in Europe will establish connections to DC available in the same country or nearest country location. If DC is not available in that county or if the connection fails, due to any reason, they will connect to another country's DC in the EU. However, WSS Agent will not connect to any region outside the EU regardless of connection availability. WSS Agent strictly follows compliance regulations.

Additional Information

The following article provides more information about WSS Agent connectivity.

About WSS Agent