There is a need to understand how Unified Agent chooses a data center to connect to and what method to use.
Web Security Service
To determine the data center to connect to, Unified Agent (UA) sends a request to the Cloud Traffic Controller (CTC) at ctc.threatpulse.com with the egress IP of the client. The egress IP is then checked against a database for geolocation to determine the 3 closest data centers. Then, to determine the connection method (TCP or UDP), it send a 1500 byte ICMP packet to the data center. If the response to the ping is received by the UA, and it is unregimented, it attempts to establish a connection via UDP. For this reason, it is strongly recommended to allow UDP and ICMP traffic for the clients as well as a PMTU size of 1500 bytes or more.
If the UA cannot connect to the first data center option presented by the CTC check for whatever reason, it fails over to the second or third data center options. However, when it fails over to the second or third data center from the CTC check, it will not check for UDP connection capabilities as with the first CTC option and will only attempt to connect via TCP.
Subscribing will provide email updates when this Article is updated. Login is required.