Cannot SCP files from ProxySG into CASB device logs
search cancel

Cannot SCP files from ProxySG into CASB device logs


Article ID: 245148


Updated On:


Cloud Secure Web Gateway - Cloud SWG CASB Audit ISG Proxy


WSS integrated with on-prem ProxySG.

WSS also integrated with CASB.

WSS logs ingested into CASB without any problems but ProxySG logs cannot be updated into CASB.

PCAPs indicate traffic leaving the internal network but TCP connection fails to establish correctly with CASB.


CASB Reporting

Log uploads from ProxySG

Log uploads from WSS 


Multiple issues triggered problem from firewall, CASB IP address whitelisting, but above all ProxySG UI limitations.


Multiple tasks need to be completed from the ProxySG to upload files to CASB reporting successfully:

a) Make sure that firewall rules where Proxy egresses out of allows TCP 22 to the CASB reporting endpoints

b) Make sure that the CASB whitelisted IP address for SCP communication matches the ProxySG egress IP address

3. Configure the ProxySG settings from the CLI and not the UI (SSH keys can be generated via the UI). This is the key part as the info key endpoint info from the CASB side was truncated when adding via the ProxySG UI - username with underscores were also not allowed. These limitations do not exist with CLI.