"Network Error", "tcp_error" and Denied when going through the Cloud SWG
Article ID: 170744
Updated On:
Products
Cloud Secure Web Gateway - Cloud SWG
Issue/Introduction
Users going through Cloud SWG (formerly known as WSS) get the following error when attempting to access a website:
"Network Error" and "tcp_error"
The error could be returned when routing through all Cloud SWG pods or only one (1) Cloud SWG pod.
A report from the Cloud SWG Portal could potentially show "Error 503 or 403 Forbidden" in the status:
503 error:
Network Error
A communication error occurred:
"Operation timed out".
The web server may be down, too busy, or experiencing other problems preventing it from responding to requests.
Tech support information: tcp_error
403 Forbidden:
Browser could display similar to the following.
Cause
Potential causes
1. The problem could have caused by the specific website blocking the Cloud SWG data-center Egress IPs:
See Cloud SWG ingress and egress IP addresses
2. Geolocation: It could be that the registered country information of the Egress IP is different from its actual geolocation and the website incorrectly doesn't allow that Egress IP.
Resolution
Potential options to resolve this, either:
- Bypass that specific website from the Cloud SWG.
- Customer would require to engage the website administrator to request an allowlist for all Egress IP addresses from Cloud SWG data centers.
- Enable Dedicated IPs (part of Premium Routing which require additional license) and access the website with the assigned IP. The potential reason for any site to block Cloud SWG IP is that the IPs could have been flagged malicious since all users share the same Egress IP which causes excessive request from one IP. This strategy is to access the site with the assigned dedicated IP thus lowering the number of request to the site thus allowing request to the site.
Feedback
Yes
No
Powered by
