This article details the known issues that users may encounter when using IWSaaS.
Below are the known issues that users may come across with when using IWSaaS.
When a website is set to 'DIRECT' in the PAC file in order to bypass the proxy, the website may display abnormally in Internet Explorer.
When using a Proxy Auto-Configuration (PAC) file and specifying a website as 'DIRECT', Internet Explorer treats this site as part of the 'Local Intranet' zone. As a result, some embedded objects belonging to domains other than the main page of the website, display incorrectly. This is because IE treats other domains as part of the 'Internet' zone, which cannot share the IWSaaS logon cookie with the main page due to IE's security restriction.
To resolve this issue, go to Tools > Internet Options > Security and enable the Protected Mode for all zones. Next, go to Tools > Internet Options > General, and from the Browsing history area, delete temporary internet files, history, cookies, saved passwords, and web form information. Finally, restart IE.
IWSaaS may falsely consider a user as 'unknown', which is reflected in the log and report.
This issue may occur in the following circumstances:
- When traffic is from a non-browser application (example: MSN, iTunes) and comes from a registered gateway
- When traffic is from a registered gateway that does not require user log in
- When HTTPS traffic comes from a registered gateway and the HTTPS/SSL policy is disabled
Some non-browser applications may fail to log in through the IWSaaS proxy
For both gateway and mobile VPN users, non-browser applications are not fully compatible with the HTTP protocol, so they cannot pass authentication credentials back to IWSaaS.
To resolve the issue, use a browser to access any HTTP site and then use the non-browser application to try again. If you can log in to a non-browser application directly but cannot log in to IWSaaS, contact Trend Micro Technical Support.
Client browser cannot access a website normally
A client browser cannot access a website normally if the client system time is off by more than one hour.
To resolve this, correct the client system time.
IWSaaS blocks legitimate websites
Some web servers may dynamically block the connection for a specific IP addresses. Therefore, if you can access a website directly and access to this website through IWSaaS fails, the website may not be permitting connections from IWSaaS.
To resolve the issue, contact Trend Micro Technical Support.