Dedicated IP address feature enabled for certain domains.

Users accessing these domains via WSS Agent access method are not egressing from the dedicated IP addresses assigned to tenant.

Accessing https://pod.threatpulse.com/mydedicatedip does not show any expected 'DEI info'.

UPE Managed Cloud SWG tenant.

DNS restrictions enabled.

DNS restrictions enabled within Cloud WSS policy that blocks dedicated IP address policies from completing.

Disable DNS restrictions on the reference Proxy policy, or define 'exceptions' for the dedicated IP address domains.

Whilst there may be use cases to implement DNS restrictions with the Edge Proxy, there are no benefits to pushing this out within a Cloud Proxy environment. It is not possible to do an 'if enforcement=appliance' condition so that it only gets implemented within the Edge Proxy.

There is a Portal update planned in December '23 that will strip any DNS restrictions from UPE policies pushed out to the Cloud Proxy. With this in place, no configuration changes will be required as any DNS restrictions will be filtered from reaching the Cloud setup.

Dedicated IP addresses requires DNS evaluations for dedicated IP address domains. WIthout the ability to do this, the dedicated IP adress feature will fail and fallback to the egress IP address of the Cloud Proxy servers.