CloudSOC CASB Gateway

If we are using WSS integrated with CASB do we still need to deploy the reach agent if the hosts have the Unified Agent installed 

we plan on running pac file with all traffic directed to WSS for on premise access, Then for all off premise users laptops etc just the Unfied agent directing all traffic to WSS 

in this scenario is the reach agent required ?

we have had a mixed response from support - firstly they said the pac file will work but it doesnt seem to be able to handle forwarding from WSS to the gatelets then we were told reach agent is required to run with pac file now we are told the integration is broken and some services are unable to be integrated with WSS using pac file and that Unified agent on all hosts should work fine. 

any insights into how this should be configured would be greatly appreciated 

With WSS integrated into CASB, it will forward traffic to CASB independant of the access method used. That said, the CloudSOC Reach Agent will conflict with WSS access methods and should not be used in conjunction with PAC files, Unified Agent, etc. 

Make sure SSL Inspection is enabled on WSS, and traffic can get to gw.elastica.net. If you are experiencing additional issues or your WSS Sync is broken, you will need to open a support case with the WSS team and CASB team to troubleshoot and fix.