search cancel

WSS Policy is not being applied with WSSA and "Selective Intercept" enabled

book

Article ID: 241209

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Users are able to access sites that are blocked in the Content Filtering policy in WSS.

Access Method is: WSS Agent (WSSA)


"Selective Intercept" is enabled in the Portal at: 

Connectivity -> Locations -> Agent Configuration -> Selective Intercept

 

Resolution

Disabling "Selective Intercept" resolved the issue.

 

The customer had previously enabled the "Selective Intercept" radio button, but wasn't sure what the feature did.

By enabling Selective Intercept, you change the behavior of the WSSA client.

 

Normal (default) mode for WSSA is to send all port 80/443 traffic to the WSS service...expect for the IP's and domains in the Bypass List.

If you enable Selective Intercept, then you change the behavior of the WSSA client to send NO TRAFFIC, expect for CASB traffic or traffic that is explicitly sent to ep.threatpulse.net:80 in a Pac file.

For more details, see the docs on the new Selective Intercept feature