How to verify Cloud SWG is actually sending requests out dedicated IP interface

Article ID: 269107

Updated On: 10-11-2024

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Is there a way for a Cloud SWG admin to see whether requests are being sent out through the dedicated IP address infrastructure?

Would a 'curl -k -vvv $dedicated_IP_domain_Or_IP_address' show anything useful in the response HTTP headers?

As for logs, it is unclear whether the s-source-ip field is actually parsed by the WSS Splunk App that pulls the logs from Cloud SWG; no reference to it can be found there.

Environment

Cloud SWG.

Dedicated IP address feature enabled.

Resolution

There are multiple ways to get this dedicated IP address information via logs and reports:

  • A basic check that the dedicated IP address feature is working for your tenant is to browse to https://pod.threatpulse.com/mydedicatedip. This confirms that the dedicated IP setup is good for your tenant and tells you which dedicated IP cluster is nearest to your location.
  • Enable DEI (dedicated egress IP) for the ifconfig.me domain and access it to confirm that the egress IP address it reports matches the one assigned to your tenant. ifconfig.me is a simple page without the advertising overhead of the whatsmyip* sites, which can often report a non-dedicated IP address.
  • The HTTP logging shows the information you need. The relevant fields are at the END of each HTTP logging event, as in the sanitized sample below:

    2023-06-15 12:30:43 "DP1-GGBDO1_proxysg1" 337 10.1.1.1 "user@example.com" "KUaPfKiYa7GXa7wEP9N+vJ4y4Gq4Jp2c=" - - invalid_request DENIED "Technology/Internet" - 400 TCP_NC_MISS GET text/html;%20charset=UTF-8 https ipchicken.com 443 / - - "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" 192.168.1.84 0 982 - cas_group - "{ %22expect_sandbox%22: false }" no - - - 0 "client" client_connector "-" "-" #.#.#.# "United States" CERT_VALID none - - TLSv1.3 TLS_AES_128_GCM_SHA256 128 *.ipchicken.com "Technology/Internet" TLSv1.3 TLS_AES_128_GCM_SHA256 128 - ICAP_NOT_SCANNED - ICAP_NO_MODIFICATION - 172.67.73.20 "Ambiguous - Special Use" %22192.168.200.10|Ambiguous%20-%20Special%20Use|timeout%22 "Portugal" 6 6 wss-agent architecture=x86_64%20name=Windows%2010%20Pro%20version=10.0.19041 9.0.55.18453 192.168.178.117 xxxxxxxxxxxxxx LAB-FKSWNQ2 PC - - - SSL_Intercept_1 - - - - #:#:#:#:#:#:#:# xx-xxx-xxx  #.#.#.# #.#.#.# "None" "None" xxxxxxxxxxxxxxxxxxx "ipchicken.com" "natproxy2.np2-ggblonc1.prod.bluecoatcloud.com"


The fields at the end of that event map to the following access-log field names, in this order. The first (s-source-ip) and the last two (x-symc-dei-app, x-symc-dei-via) are the ones most useful to a customer; the others are mainly useful to Support when troubleshooting issues.

s-source-ip x-sr-vpop-ip x-sr-vpop-country-code x-sr-vpop-country x-dei-token x-symc-dei-app x-symc-dei-via


  • A Cloud SWG admin can also run reports from the Cloud SWG Portal, or run forensic reports, and pull the dedicated IP information out that way.
  • If using Sync API to download logs and inject them into a SIEM, the dedicated IP address fields are not rendered by default. The 'fields' parameter must be used to download the dedicated IP address fields, as described here.
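As an added worked example (not part of this article), the following Python snippet pulls the seven dedicated IP fields from the end of each HTTP logging event and checks whether the request actually left through one of the tenant's assigned dedicated IPs, which is the question the log check above answers. It assumes the seven field names listed above occupy the last seven whitespace-separated tokens of each event, in that order (which is how the sanitized sample line lines up), and that an event which bypassed the dedicated infrastructure carries '-' in x-symc-dei-via. The sample events, IP addresses (RFC 5737 documentation ranges) and token value are constructed.

```python
import re
from typing import Dict, List, Set

# Dedicated-IP related access-log fields, in the order the article lists them.
# Assumption: they are the last seven whitespace-separated tokens of each event.
DEI_FIELDS = [
    "s-source-ip",
    "x-sr-vpop-ip",
    "x-sr-vpop-country-code",
    "x-sr-vpop-country",
    "x-dei-token",
    "x-symc-dei-app",
    "x-symc-dei-via",
]

# A field is either a double-quoted string (which may contain spaces, e.g.
# "United States" or the User-Agent) or a run of non-whitespace characters.
_TOKEN = re.compile(r'"[^"]*"|\S+')


def tokenize(line: str) -> List[str]:
    """Split one Cloud SWG access-log event into fields, dropping surrounding quotes."""
    return [t[1:-1] if len(t) >= 2 and t[0] == '"' and t[-1] == '"' else t
            for t in _TOKEN.findall(line)]


def extract_dei_fields(line: str) -> Dict[str, str]:
    """Return the seven dedicated-IP fields from the end of an event as a dict."""
    tokens = tokenize(line)
    if len(tokens) < len(DEI_FIELDS):
        raise ValueError("event too short to contain the dedicated IP fields")
    return dict(zip(DEI_FIELDS, tokens[-len(DEI_FIELDS):]))


def went_out_dedicated_ip(line: str, assigned_ips: Set[str]) -> bool:
    """True if the request egressed via one of the tenant's assigned dedicated IPs.

    s-source-ip is the address the destination saw; x-symc-dei-via names the
    NAT proxy that made the dedicated-IP hop. Assumption: an event that bypassed
    the dedicated infrastructure carries '-' in x-symc-dei-via.
    """
    f = extract_dei_fields(line)
    return f["s-source-ip"] in assigned_ips and f["x-symc-dei-via"] not in ("", "-")


def audit(lines: List[str], assigned_ips: Set[str]) -> dict:
    """Count events by whether they used the dedicated IP and tally egress addresses."""
    dedicated = not_dedicated = 0
    egress: Dict[str, int] = {}
    for line in lines:
        ip = extract_dei_fields(line)["s-source-ip"]
        egress[ip] = egress.get(ip, 0) + 1
        if went_out_dedicated_ip(line, assigned_ips):
            dedicated += 1
        else:
            not_dedicated += 1
    return {"dedicated": dedicated, "not_dedicated": not_dedicated, "egress_ips": egress}


# Constructed sample events modelled on the sanitized line in the article, using
# RFC 5737 documentation addresses and a placeholder token. The first went out the
# dedicated IP; the second shows the shape assumed for a request that did not.
SAMPLE_DEI = (
    '2023-06-15 12:30:43 "DP1-GGBDO1_proxysg1" 337 10.1.1.1 "user@example.com" - - - '
    'OBSERVED "Technology/Internet" - 200 TCP_NC_MISS GET text/plain https ifconfig.me 443 / - - '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/108.0.0.0 Safari/537.36" 192.168.1.84 0 982 "United States" TLSv1.3 '
    '203.0.113.10 198.51.100.7 "None" "None" tokenplaceholder0000 "ifconfig.me" '
    '"natproxy2.np2-ggblonc1.prod.bluecoatcloud.com"'
)
SAMPLE_NO_DEI = (
    '2023-06-15 12:31:02 "DP1-GGBDO1_proxysg1" 337 10.1.1.1 "user@example.com" - - - '
    'OBSERVED "Technology/Internet" - 200 TCP_NC_MISS GET text/html https www.example.com 443 / - - '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64)" 192.168.1.84 0 512 "United States" TLSv1.3 '
    '192.0.2.5 - - - - - -'
)


if __name__ == "__main__":
    assigned = {"203.0.113.10"}  # the tenant's dedicated IP(s), as shown by /mydedicatedip
    for event in (SAMPLE_DEI, SAMPLE_NO_DEI):
        f = extract_dei_fields(event)
        print(f["s-source-ip"], f["x-symc-dei-app"], f["x-symc-dei-via"],
              "DEDICATED" if went_out_dedicated_ip(event, assigned) else "NOT DEDICATED")
    print(audit([SAMPLE_DEI, SAMPLE_NO_DEI], assigned))
```

Feed it the raw HTTP logging events (for example from a Sync API download that includes the dedicated IP fields) and compare the egress_ips tally against the address reported by the /mydedicatedip and ifconfig.me checks; any request whose s-source-ip is outside the assigned set did not go out through the dedicated infrastructure.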