- WSS Agent is sending internet traffic via the WSS Agent tunnel.
- WSS bypass lists are defined so that traffic for certain domains/IP addresses from WSS Agents goes direct and not via WSS.
- Traffic to the reasy.obbltd.com, preasy.obbltd.com and measy.obbltd.com domains is bypassed from WSS.
- The corresponding IPs (126.96.36.199, 188.8.131.52) are bypassed from WSS.
- No PAC file is configured on the WSS Agent host.
The browser was set to automatically detect proxy settings.
The DHCP server was forwarding a legacy/redundant PAC file, and because of this browser setting the file was being picked up, even though no PAC file was defined in the browser proxy settings.
WSS Agent - all platforms
Disable the browser option to automatically detect proxy settings.
After that change, the traffic started going to the correct domain IP address and was correctly bypassed, as seen in the packet capture for direct traffic:
- and the packet capture for in-tunnel traffic no longer shows connectivity to that domain:
Looking at the SymDiag logs, the following can be seen:
- The DNS answer shows the same IP address as nslookup in the packet capture for direct traffic:
- The same packet capture shows no request to obbltd.com domains:
- The packet capture for in-tunnel traffic shows connectivity to the bypassed domain, but instead of pointing to the domain IP (184.108.40.206), the destination IP is ep.threatpulse.net on port 80 (220.127.116.11), as it would be if the traffic were going via a PAC file:
- The WSS Agent trace log confirms that the bypasses are added correctly:
(...) 05/06/2022-14:06:07.4025388 Debug Adding 18.104.22.168 for preasy.obbltd.com to domain bypass list
- Since the connection is going to a different IP, the traffic is not bypassed.
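
The comparison made in the notes above can be scripted; this is an added example, not part of the original article or of the WSS Agent tooling. The regular expression follows the trace line quoted above, while the connection tuple format, the sample domains and the addresses are constructed assumptions.

```python
import re
from ipaddress import ip_address

# Pattern follows the trace line quoted above:
# "... Debug Adding <ip> for <domain> to domain bypass list"
BYPASS_RE = re.compile(
    r"Adding\s+(?P<ip>\S+)\s+for\s+(?P<domain>\S+)\s+to domain bypass list")

def parse_bypass_entries(trace_lines):
    """Map each bypassed domain to the set of IPs the agent registered for it."""
    bypass = {}
    for line in trace_lines:
        m = BYPASS_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ip_address(m.group("ip")))
        except ValueError:
            continue  # ignore entries whose address does not parse
        bypass.setdefault(m.group("domain").lower(), set()).add(ip)
    return bypass

def find_missed_bypasses(bypass, connections):
    """Return connections whose requested host is bypassed but whose destination
    IP is not one the agent registered, so the IP-based bypass cannot match."""
    missed = []
    for host, dst_ip, dst_port in connections:
        registered = bypass.get(host.lower().rstrip("."))
        if registered is not None and dst_ip not in registered:
            missed.append((host, dst_ip, dst_port))
    return missed

# Constructed sample data (documentation address ranges, not from the case).
SAMPLE_TRACE = [
    "05/06/2022-14:06:07.4025388 Debug Adding 192.0.2.10 for app.example.com to domain bypass list",
    "05/06/2022-14:06:07.4031200 Debug Tunnel state changed",
]
# Hypothetical export from the in-tunnel capture: (HTTP Host, destination IP, port).
SAMPLE_CONNECTIONS = [
    ("app.example.com", "198.51.100.20", 80),   # sent to a proxy address
    ("app.example.com", "192.0.2.10", 443),     # sent to the registered IP
    ("other.example.net", "203.0.113.5", 443),  # not a bypassed domain
]

if __name__ == "__main__":
    for host, ip, port in find_missed_bypasses(
            parse_bypass_entries(SAMPLE_TRACE), SAMPLE_CONNECTIONS):
        print(f"{host} -> {ip}:{port} is not a registered bypass IP; check for a PAC/auto-detected proxy")
```

A hit means a request for a bypassed domain left the host towards an address the agent never registered for it, which is the pattern seen here when the browser picked up the PAC file through automatic proxy detection.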