Action Required for New Feature: Agent Traffic Manager

Article ID: 278611

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Beginning on February 5th, 2024, Broadcom will initiate a series of maintenance events to enable Agent Traffic Manager (ATM). The feature will be enabled on a per-tenant basis over a period of six weeks, until the expected completion date of April 18th, 2024.

Once rolled out, ATM improves the granularity of agent traffic interception to reduce the risk associated with adopting new capabilities like:

  • Cloud SWG
  • Cloud Firewall Service
  • DNS Proxy (being introduced with ATM)
  • CloudSOC Gatelet Protection
  • Zero Trust Network Access (ZTNA)

For more information, see the Agent Traffic Manager documentation.

Changes:

  • ATM interception capabilities are now configurable in the new Connectivity > Agent Traffic Manager page.
  • DNS Proxy exemptions are configurable in the new Connectivity > DNS Proxy Exemptions page.
  • You may notice some documented future ATM functionality that is not yet enabled for your tenant.

Resolution

Required Action

If Cloud Firewall Service (CFS) is disabled in your tenant(s), you must disable all existing enabled CFS rules. 

This action is necessary because the CFS-level enable/disable toggle is deprecated with the introduction of ATM and all enabled rules will become active by default. 

Other use cases:

  1. If CFS is disabled and there are no enabled CFS rules, no action is required.
  2. If CFS is enabled, make sure to add a policy to allow ports 8080/8443 in case you have any application running on these non-standard web ports. **


An example of a tenant where the Cloud Firewall Service is disabled but has an enabled rule:

Be sure to select all enabled CFS rules by checking the toggle next to each rule, disable or delete them, and then activate the policy.

Disabling the rules will not affect your active policy because CFS is disabled. 

** This applies if you have CFS enabled and have any application running on ports 8080 and 8443.

When ATM is enabled for your account, it will start sending ALL traffic to Cloud SWG by default. You will therefore need to add a new rule to Accept TCP/8080 and TCP/8443.

Contact technical support by visiting: https://support.broadcom.com/security if you need further assistance.