Share via

Global Secure Access – Forwarding Policy Not Applying / Web Filtering via Secure Web Gateway Not Working

Henry 0 Reputation points
2025-04-16T01:30:31.3933333+00:00

Hi everyone,

I’m trying to enable web filtering on a Windows 11 device using Microsoft Global Secure Access and the Secure Web Gateway (SWG). I’ve installed the Global Secure Access Client, and most Health Check diagnostics pass, except for this message:

“Forwarding policy doesn’t exist in registry.”

I created a traffic forwarding policy in the Microsoft Entra admin center (under Global Secure Access > Traffic forwarding) and assigned it to the appropriate user/device group. However, the policy doesn’t seem to be applying to the device — and web filtering isn’t working either.

Has anyone encountered this issue? How can I:

Ensure the forwarding policy is properly applied and reflected in the client registry?

Enable Secure Web Gateway web filtering successfully on a client device?

Any tips or troubleshooting steps would be greatly appreciated!

Thanks in advance.

Microsoft Entra Private Access
Microsoft Entra Private Access
Microsoft Entra Private Access provides secure and deep identity-aware, Zero Trust network access to all private apps and resources.
112 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sanoop M 2,660 Reputation points Microsoft External Staff
    2025-04-17T01:52:04.8+00:00

    Hello @Henry,

    Based on your issue description, I understand that you are trying to enable web filtering on a Windows 11 device using Microsoft Global Secure Access and the Secure Web Gateway (SWG). You have installed the Global Secure Access Client, and most Health Check diagnostics pass, except for this message:

    “Forwarding policy doesn’t exist in registry.”

    Based on the above error message what you are seeing in the Advanced Diagnostics Health Check tab, please follow the below steps to check whether the following registry key is existing or not.

    Forwarding profile registry exists

    This test verifies that the following registry key exists: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Global Secure Access Client\ForwardingProfile

    If the registry key doesn't exist, try to force forwarding policy retrieval:

    1. Delete the Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Global Secure Access Client\ForwardingProfileTimestamp registry key, if it exists.
    2. Restart the service, Global Secure Access Policy Retriever Service.
    3. Check if the two registry keys are created.
    4. If not, look for errors in the Event Viewer.

    Reference document: Troubleshoot the Global Secure Access client: Health check - Global Secure Access

    I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.