WSS Agent in Selective Intercept mode intercepting traffic traffic from PAC file DIRECT domains
Article ID: 258770
Updated On:
Products
Issue/Introduction
Users accessing internet via Cloud SGW using WSS Agents.
WSS Agent is setup with Selective Intercept enabled from on-premise locations. With Selective Intercept mode enabled, the WSS Agent should only intercept traffic destined for ep.threatpulse.com
PAC files pushed down to WSS Agent hosts to route the traffic between DIRECT and ep.threatpulse.com:80
The domain github.com should be sent DIRECT as per the PAC file script and the browser appears to be sending it DIRECT. However WSS Agent is intercepting this request and sending it through the tunnel. The domain github.com is not part of their bypassed domains list however the WSS Agent logs indicate that it is a bypassed domain.
Environment
WSS Agent.
CASB enabled and integrated with WSS.
Cause
CASB enabled with github gatelet active, forcing inspection on the Cloud SWG side.
Resolution
Disable github gatelet on CASB side.
github.com is listed in their interceptDomains list directive read by the WSS Agent, because tenant also has CASB enabled for this domain. These are part of the "selective intercept"...meaning that when CASB gatelets are configured, they will still be intercepted. This is listed on the portal as part of what is involved in selective intercept:
Attachments
Feedback
