You
can configure bypass/redirect policies to control how traffic is managed as it traverses
the
Deep Discovery Web
Inspector appliance.
By default, all traffic is scanned according to configured scan policies and
HTTPS inspection policies. However, you can use bypass/redirect policies to specify
that
some traffic is redirected to the scan daemon of Deep Discovery Web
Inspector while other traffic
bypasses scanning and traverses straight through the appliance to the endpoint.
 |
Note
Bypass/redirect policies work only in bridge mode. In proxy mode,
bypass/redirect policies do not work.
|
Types of Policies
You can configure the following types of policies:
-
Bypass
Bypass traffic based on source IP addresses, destination IP
addresses, or HTTPS domains.
All traffic is scanned according to scan and HTTPS inspection
policies except for traffic that matches source IP addresses, destination IP
addresses, or HTTPS domains configured in the bypass policy.
You can use a bypass policy to exclude traffic from certain
devices that do not require scanning (such as printers) or that you do not
want scanned.
- Redirect
Redirect traffic
based on source or destination IP addresses or source or destination MAC
addresses.
Traffic is scanned only for traffic that
matches source or destination IP addresses or sources or destination MAC
addresses configured in the redirect policy. All other traffic is bypassed
with no scanning.
You can use a redirect policy when most
traffic that you want scanned comes only from or is destined to certain
devices (such as gateways and routers).
