Limitation of Agent based Cloud SWG access for China region
search cancel

Limitation of Agent based Cloud SWG access for China region

book

Article ID: 275251

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG Symantec ZTNA

Issue/Introduction

If the tenant running WSS Agent AND the tenant has SAC enabled, the CTC response will send users to a non-China POP.

If the tenant running WSS Agent is sending all traffic into Cloud SWG (not just TCP ports 80, 8080, 443 or 8443), and the tenant has CFS (Client Firewall Service) policies enabled, the CTC response will send users to a non-China POP.

Cause

The China Cloud SWG infrastructure does not have routing to SAC or CFS environments.

Resolution

Make sure local firewall settings allow WSS Agent users in China access POPs outside of China.

Additional Information

It is on our roadmap to create SAC and CFS infrastructure in China. There is no ETA for now.

Great firewall of China may block access to non-China POP's and hence users from China region will be unable to connect to Cloud SWG.

Agent Traffic Manager (ATM) - currently in private preview - can be used to disable SAC/CFS features for certain users/groups, which could be used to workaround the above use case for users in China. Please contact your local SE for more details.