Some transactions generated from SEP agents in PAC File mode are not logged

Article ID: 265810

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Users access internet sites via Cloud SWG using the SEP Web and Cloud Access method in PAC File mode.

HTTP access logs are occasionally missing HTTP request information for certain users.

Cloud SWG Portal reports do not always show the expected user traffic for certain users.

The user browsing experience is not impacted in any way: users can still access sites through the Cloud SWG service.

Users whose requests are not logged appear to be affected when going through specific ISPs. Tethering the host to the user's mobile phone, which takes a separate network path into Cloud SWG, allows all requests to show up correctly in reports and access logs.

Environment

SEP 14.0.1 mp1 or later.

Web and Cloud Access Protection Policy enabled, with PAC File traffic redirection mode in use to redirect web traffic to Cloud SWG.

Cause

Certain internet service providers implement “non-standard” transparent content filtering controls in their networks that can make it difficult for Cloud SWG to determine the tenant of a SEP Agent PAC File Mode user.

When this occurs, the user’s traffic cannot be associated with a customer tenant and therefore will not be logged. In addition, the tenant policy will not be applied.

Instead, a generic policy is applied that ensures protection from malware and websites categorized as malicious. 

Resolution

In the Web and Cloud Access Protection Policy, switch from PAC File Mode to Tunnel Mode. 

Aside from addressing the issue described in this article, Web and Cloud Access Tunnel Mode has these advantages:

  • Creates a secure tunnel from the endpoint to the Cloud SWG data center, ensuring data privacy in all working conditions
  • Handles traffic for all ports, all protocols, and applications (even those that are not proxy aware)
  • Robust single sign-on capabilities, including SAML authentication
  • Supports additional cloud components: Cloud Firewall, ZTNA, and DNS Proxy
  • Supports remote disable, reconnect and blocking via the Cloud SWG admin portal
  • Supports advanced policy configurations such as tamper proofing and traffic bypass by application executable
  • Supports CASB block notifications for real-time user coaching
  • …and more