WSS Agent users cannot access internet even if tunnel CONNECTED

Article ID: 269103

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

WSS Agent runs on Windows hosts and is used to access internet sites via Cloud SWG from hotel sites.

Recently, the Cloud SWG admin started receiving calls from 5 hotel sites complaining that web access did not work on machines running WSS Agent 9.1.1.

Some of the WSS Agents appear to be CONNECTED, but no web traffic is flowing to the machine. On repeated attempts to reconnect, some of the agents fail open, which they are configured to do, but this lasts only a very short time, after which web requests fail.

Other WSS Agents with problems fail to CONNECT, with the top of the UI lit up amber and no error messages on the status page indicating a failure to connect to the datacenter e.g. GBBLO. The diagnostic log does state that the connection to GBBLO timed out.

There are hundreds of clients across various sites in the country, and only 10 machines cannot access the web in the expected manner.

The only solution has been to completely remove the WSS Agent from these boxes.

Checking the local ISP did not show any network issues. While working with a problem machine, we could see on the Fortinet panel that the UDP traffic into Cloud SWG appeared to flow in both directions, yet the machine could not access the web, and the WSS Agent status said Connected without a TCP or UDP error.

Environment

WSS Agent on Windows.

Cause

The Wolf Security bundled software from HP was conflicting with WSS Agent.

Resolution

Removed the Wolf Security bundled software from HP, which had updated itself around the date the issues started.

The Cloud SWG admin was not aware this software was present on these machines. The Wolf Security software appears to be a full-fledged AV that HP has automatically pushed to the boxes. According to its UI, it scans files, reviews connections and claims to use machine learning to do this.

Note that these machines have Sophos installed too, so there could have been a three-way conflict between WSS Agent, Sophos and the Wolf Security software.

Additional Information

Symdiag was used to look at other drivers and services on the host, where Sophos and Wolf Security software were detected.
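
The same kind of check can be scripted for hosts where Symdiag has not been run. The following PowerShell is an added example, not part of the original article and not Broadcom, HP or Sophos tooling; it lists installed products, services and drivers whose names match the two vendors named above. The name fragments in `$Pattern` are assumptions and should be adjusted to the display names seen on the affected machines.

```powershell
# Added example, not vendor tooling. The name fragments are assumptions:
# adjust them to the display names seen on your own hosts.
param([string[]]$Pattern = @('Wolf Security', 'Sophos'))
function Test-NameMatch {
    param([string]$Text, [string[]]$Patterns)
    foreach ($p in $Patterns) {
        if ($Text -and $Text -like "*$p*") { return $true }
    }
    return $false
}

$results = @()
# Installed products from the 64-bit and 32-bit uninstall keys. InstallDate (when
# the installer set it) helps line an update up with the date the problems started.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$results += @(
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { Test-NameMatch $_.DisplayName $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Kind   = 'Product'
                Name   = $_.DisplayName
                State  = 'Installed'
                Detail = "version $($_.DisplayVersion), InstallDate $($_.InstallDate)"
            }
        }
)

# Services and kernel / file-system drivers, matched on display name or binary path.
foreach ($class in 'Win32_Service', 'Win32_SystemDriver') {
    $results += @(
        Get-CimInstance -ClassName $class |
            Where-Object { (Test-NameMatch $_.DisplayName $Pattern) -or
                           (Test-NameMatch $_.PathName $Pattern) } |
            ForEach-Object {
                [pscustomobject]@{
                    Kind   = ($class -replace '^Win32_', '')
                    Name   = $_.DisplayName
                    State  = $_.State
                    Detail = $_.PathName
                }
            }
    )
}

$results | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
```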