search cancel

WSS Agent Internet access issue with minimalist UPE policy implemented

book

Article ID: 255413

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

The customer is testing WSS Agent with their new Cloud SWG (formerly known as WSS) with a minimal policy (access layer is a simple allow statement).

The WSS Agent is connecting without issues to the local Cloud SWG pop yet Internet access from the computer is not working.

Environment

UPE Managed policy

WSS Agent (any version)

Cause

The customer UPE policy was set to bypass authentication for all traffic.

This caused the WSS Agent identification to be stripped of user data which prevented the agent from operating as expected.

Resolution

Authentication exemption actively removes user related data that is sent from the WSS Agent to the service, and when this data is removed it is preventing the agent from operating nominally.

When no authentication is setup exemption is not necessary and as seen here is counter-productive.

Authentication exemption should be set for specific conditions to avoid such issues.