You can configure policies to control how
traffic is managed as it traverses the
Deep Discovery Web
Inspector appliance. You can have one bypass policy with multiple entries
and one redirect policy with multiple entries. You should understand
Deep Discovery Web
Inspector priorities and
precedence in evaluating bypass/redirect policies.
-
Bypass policies are higher priority than redirect policies. If
traffic matches both a bypass policy and a redirect policy, the bypass
policy takes precedence and is used to evaluate the traffic.
-
The bypass entries are evaluated in order. When a network packet
is evaluated, the first matched entry is applied without evaluating
following bypass entries.
-
The redirect entries are evaluated in order. When a network
packet is evaluated, the first matched entry is applied without evaluating
following redirect entries.
Example:
Deep Discovery Web
Inspector is configured with
both a bypass policy and a redirect policy. Traffic enters Deep Discovery Web
Inspector from source IP
address 10.10.10.10:
Bypass policy:
Source IP:
10.10.10.10
10.10.10.0/24
Redirect policy:
Source IP:
10.10.10.0/24
The source IP address matches the first entry in the bypass policy and is
used for evaluation. The source address also matches the entry in the redirect
policy. Since the bypass policy takes priority, traffic from 10.10.10.10 bypasses
scanning.
