Unable to access a site via WSS Firewall/VPN Location
search cancel

Unable to access a site via WSS Firewall/VPN Location


Article ID: 243397


Updated On:


Cloud Secure Web Gateway - Cloud SWG


The user is unable to access a site via the Web Security Server (WSS) IPSec tunnel when in the corporate network.

The same user uses WSS Agent (Active Mode) and is able to access the site in question.


Web Security Service 

Access Method: Firewall/VPN IPSec

 3rd-party Firewall/VPN Device


The device creating the IPSec tunnel to WSS has an access control list (ACL) which is blocking access to the specific domain/IP, therefore, the traffic never makes it to the WSS tunnel.


To resolve this issue, remove the IP/domain in question from your firewall's IP blocklist.

To confirm that the IP/domain is not reaching the Web Security Service. You can run a report a forensic report and edit the report to add additional options.

If the report shows "No Data". It confirms that the Web Security service is not getting traffic for the domain in question. 

Report data will be available within 5 to 15 minutes after reproducing the issue.


  1. Go to Report Center > New Report > New Forensic Report.

  2. Edit the report to add additional options using the Gear icon > Report.

  3. Click on Add Criteria > Location > Select your IPSec Location

  4. Click on Run Report