When a bypass policy is configured and traffic
matches an entry in the policy, Deep Discovery Web
Inspector bypasses network traffic scanning of that traffic and sends
the traffic straight to the end point. You can configure bypass policies to match
traffic based on the following:
-
Source IP addresses
-
Destination IP addresses
-
HTTPS domains
 |
NoteDeep Discovery Web
Inspector
first evaluates matches in the Source IP address and Destination IP address
bypass lists, then evaluates matches in the HTTPS domain bypass list (by
comparing destination IP addresses of traffic with all IP addresses of this
domain name), if any of the entries in the bypass lists are matched, traffic is
bypassed.
An IP address might be associated with multiple domain names. In this case, Deep Discovery Web
Inspector bypasses all
the matching domains.
|
|
NoteIf both a redirect policy and a bypass policy are configured, you should
understand the priority and precedence rules that Deep Discovery Web
Inspector uses for
evaluating traffic. See Bypass/Redirect Policies Priorities and
Precedence.
|
Procedure
- Specify the bypass settings.OptionDescription
Add Source IP Address Add one or more source IP address entries, one entry at a time, by adding an IP address entry and then clicking Add Source IP Address.You can add an IP address entry using any of the following formats:10.10.10.10 10.1.1.0/24 192.168.1.1-192.168.1.5
Add Destination IP Address Add one or more destination IP address entries, one entry at a time, by adding an IP address entry and then clicking Add Destination IP Address.You can add an IP address entry using any of the following formats:10.10.10.10 10.1.1.0/24 192.168.1.1-192.168.1.5
Add HTTPS Domain Add one or more HTTPS domain entries, one entry at a time, by adding a domain name entry and then clicking Add HTTPS Domain.You can use wildcards when adding entries (* and ?). The domain prefixhttps://is insensitive and should not be included in the input for matching.test?.example.com example.com *.example2.com
- Click Save.