You
can configure bypass/redirect policies to control how traffic is managed as it traverses
the Deep Discovery Web
Inspector appliance.
By default, all traffic is scanned according to configured scan policies and
HTTPS inspection policies. However, you can use bypass/redirect policies to specify
that
some traffic is redirected to the scan daemon of Deep Discovery Web
Inspector while other traffic
bypasses scanning and traverses straight through the appliance to the endpoint.
 |
NoteBypass/redirect policies work only in bridge mode. In proxy mode,
bypass/redirect policies do not work.
|
Types of Policies
You can configure the following types of policies:
-
BypassBypass traffic based on source IP addresses, destination IP addresses, or HTTPS domains.All traffic is scanned according to scan and HTTPS inspection policies except for traffic that matches source IP addresses, destination IP addresses, or HTTPS domains configured in the bypass policy.You can use a bypass policy to exclude traffic from certain devices that do not require scanning (such as printers) or that you do not want scanned.
- RedirectRedirect traffic based on source or destination IP addresses or source or destination MAC addresses.Traffic is scanned only for traffic that matches source or destination IP addresses or sources or destination MAC addresses configured in the redirect policy. All other traffic is bypassed with no scanning.You can use a redirect policy when most traffic that you want scanned comes only from or is destined to certain devices (such as gateways and routers).