Users accessing internet sites successfully via Cloud SWG using WSS Agents.

Some back end RDP applications are used to access certain user applications, and for security these hosts have ACLs to only allow requests from dedicated IP addresses.

Cloud SWG admin enabled dedicated IP addresses for the back end RDP servers, as well as ATM rules allowing TCP 3389 for certain groups needing access to the servers.

When users run the remote desktop applications to connect to these servers on TCP 3389, they simply see general connectivity errors without even a prompt for username/passwords.

Cloud SWG.

WSS Agent.

RDP servers on TCP 3389, but can happen with any application that does not generate HTTP requests.

Dedicated IP address is only used with Web based applications and not non web based applications like RDP. The Cloud SWG documentation explicitly states

"These Dedicated IP addresses are assigned to Broadcom only, and they provide access to web applications that you specify."

Any application that is not capable of generating a GET (http) or CONNECT (https) request will fail with dedicated IP address feature.

Check whether web based RDP access are possible with 3rd party site, so that Web requests would be made to an RDP gateway and handled correctly by dedicated IP address feature.

Alternatively, one could use ZTNA to integrate with Cloud SWG and access the RDP servers via a local ZTNA connector (which are then added to the ACL list).