Corporate users access internet via Cloud SWG service using WSS Agents on both Windows and macOS.

Starting end of February 2024, a number of macOS users reported not being able to connect to Cloud SWG when using iPhone mobile phone hotspot. 

Testing the same iPhone mobile phone hotspot for a Windows WSS Agent worked fine.

Any web site bypassed from Cloud SWG would render successfully.

WSS Agent diagnostic logs confirmed that no tunnel was established into Cloud SWG.

Testing the same use case with other iPhones connected to other Telecom providers seem to prove more successful, where the WSS Agent tunnel would come up fine.

macOS WSS Agent.

Cloud SWG.

Tethering macOS to mobile device.

Using EE Telecom provider.

All communication via EE using native IPv6 without any IPv4 gateway.

Disable IPv6 for communication into this EE network.

There are options to change the hotspot settings on an Apple discussion forum that we used. This link outlines two possibilities:

• If your MacBook Pro connects to a Wi-Fi network with IPv6 preference, it might prioritize IPv6 connections. You can try to prioritize IPv4:
   
  • Go to System Preferences > Network.
  • Connect to Hotspot and click Details (Refer to the pic below).
  • Under the TCP/IP tab, configure IPv6 settings to "Link-local only" or "Manually"
  • Apply the changes and reconnect to the iPhone's hotspot. 
    
    
• Disable IPv6 on iPhone's Personal Hotspot: Unfortunately, iOS does not have a built-in setting to disable IPv6 on the Personal Hotspot. However, you can try to disable IPv6 globally on your iPhone:
  
  
  • Go to Settings > Cellular > Cellular Data Options > Voice & Data.
  • Select LTE (if available) or choose a lower option.

 In our case, we went with the first option above and all worked fine.