When running Symantec Endpoint Protection (SEP) with Web Traffic Redirection (WTR) in an environment where users are roaming and multiple Web Security Service (WSS) data centers are geographically very close, web browsing and applications may sporadically hang or become unresponsive.
WTR Engine 184.108.40.2060
Users located in a country with multiple data centers available (India, China, UK)
Users flap between different data centers
This can happen because the SEP client may be sending traffic to different data centers within the same user session.
Make sure that the Proxy Auto-Config (PAC) file pointed to by the SEP WTR client is configured to send proxy traffic to sep-wtr.threatpulse.net and not the default proxy.threatpulse.com. This enables stickiness for DNS and avoids the round-robin responses that could send the SEP WTR workstation to multiple data centers.
The advantage of this round-robin approach is that it is basic and makes sure that we evenly balance between the two local data centers. The downside is that certain applications that require an element of persistence to work well (SEP WTR, or SAML-based authentication) may experience issues. To combat the problem, Symantec WSS offers the ability to enable stickiness for the DNS responses. This addresses the SEP WTR issues described above, as well as SAML authentication problems.
To enable persistence, make sure the WSS administrator does the following:
Go to the PAC file configuration that the SEP client uses and replace the existing hostname, e.g. proxy.threatpulse.net, with sep-wtr.threatpulse.net.
When we get the DNS request we now respond with the same IP address each time, i.e. the IP address of the nearest data center.
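One way to confirm the PAC change took effect is to audit the PAC text for proxy directives that still name the round-robin hostname. This is an added example, not Symantec code; the sample PAC bodies, port 8080, and the function names are constructed for illustration.

```python
import re

STICKY_HOST = "sep-wtr.threatpulse.net"  # hostname the article says to use
# Both spellings of the default hostname appear in the article, so flag either.
ROUND_ROBIN_HOSTS = {"proxy.threatpulse.net", "proxy.threatpulse.com"}

# A proxy directive inside a PAC return string, e.g. "PROXY host:8080".
DIRECTIVE = re.compile(r'\b(PROXY|HTTPS|SOCKS)\s+([A-Za-z0-9.-]+)(?::\d+)?')
# JavaScript comments; the lookbehind keeps "http://" in strings intact.
COMMENT = re.compile(r'(?<!:)//[^\n]*|/\*.*?\*/', re.S)

def _strip_comments(text):
    # Blank out comments but keep newlines so line numbers stay correct.
    return COMMENT.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), text)

def audit_pac(text):
    """Classify every proxy directive in a PAC file by target hostname."""
    findings = {"sticky": [], "round_robin": [], "other": []}
    for lineno, line in enumerate(_strip_comments(text).splitlines(), 1):
        for _kind, host in DIRECTIVE.findall(line):
            host = host.lower().rstrip(".")
            if host == STICKY_HOST:
                findings["sticky"].append(lineno)
            elif host in ROUND_ROBIN_HOSTS:
                findings["round_robin"].append((lineno, host))
            else:
                findings["other"].append((lineno, host))
    return findings

def is_sticky(text):
    """True only if the sticky host is used and no round-robin host remains."""
    f = audit_pac(text)
    return bool(f["sticky"]) and not f["round_robin"]

# Constructed sample PAC files (not taken from a real deployment).
BEFORE_PAC = '''function FindProxyForURL(url, host) {
    if (isPlainHostName(host)) return "DIRECT";
    return "PROXY proxy.threatpulse.net:8080"; // default hostname
}
'''
AFTER_PAC = '''function FindProxyForURL(url, host) {
    /* was: PROXY proxy.threatpulse.net:8080 */
    if (isPlainHostName(host)) return "DIRECT";
    return "PROXY sep-wtr.threatpulse.net:8080";
}
'''

if __name__ == "__main__":
    for name, pac in (("before", BEFORE_PAC), ("after", AFTER_PAC)):
        print(name, is_sticky(pac), audit_pac(pac))
```

A PAC file that mixes both hostnames across branches is reported as not sticky, since any remaining round-robin directive can still move a session between data centers.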