The Auth Connector is unable to communicate with the Cloud SWG (Web Security Service) authentication IPs.

• Auth Connector status in Portal showed several Auth IPs to which it failed to connect into Cloud SWG.
• Auth Connector is configured to use a proxy server for outbound connections to the internet.
• No firewall or device after the proxy blocking outbound connections.

• Cloud SWG Auth Connector
• Cloud Secure Gateway

The local proxy server had SSL interception enabled which was breaking the SSL handshake between the Auth Connector and Cloud SWG.

It is recommended to:

• Add the internal IP of the Cloud SWG Auth Connector Server to the proxy's SSL exemption list - Set to Do Not Intercept.
• Add the internal IP of the Cloud SWG Auth Connector Server to the proxy's Auth exemption list - Set to Do Not Authenticate.

Technical Requirements:

• Direct Internet Requirement—The Auth Connector must have a direct connection to the Internet.
• If a proxy is required—The proxy must be configured as a pass-through only with no SSL interception and no Authentication.
• Do not allow the Auth Connector to connect through the same IPsec tunnel that goes to Cloud SWG

• Deploy the WSS Auth Connector
• WSS Datacenter IP Addresses