Proxy Forwarding to Cloud SWG: How to prevent the local ProxySG from forwarding requests to Cloud SWG for specific destinations.
search cancel

Proxy Forwarding to Cloud SWG: How to prevent the local ProxySG from forwarding requests to Cloud SWG for specific destinations.

book

Article ID: 168917

calendar_today

Updated On:

Products

ProxySG Software - SGOS Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Access Method: Proxy Forwarding


The default forwarding policy will forward all internet traffic the Cloud SWG


This article explains how to send requests to specific destinations DIRECT from the local ProxySG (and bypass the Cloud SWG).

Resolution

The default Cloud SWG forwarding policy should be modified to prevent the local ProxySG from forwarding specific traffic to the Cloud SWG


The following section should be modified to send specific domains to go DIRECT from local ProxySG (and bypass Cloud SWG): 

(Destinations should be added into the following two definitions): 


 
define condition BC_Cloud_Proxy_Bypass_List
   url.host.is_private=yes ; internal traffic
    ; Add any other public IPs that are not to route to the Web Security Service
    url.domain=portal.threatpulse.com; threatpulse portal
    url.domain=bluecoat.com ; style sheets
end
 
define condition BC_Cloud_Forward_Bypass_List
    server_url.host.is_private=yes ; internal traffic
    health_check=yes ; Normally, don't forward health checks
    ; And any other additions required to keep it in line
    ; with the above BC_Cloud_Proxy_Bypass_List
    server_url.domain=portal.threatpulse.com; threatpulse portal
end

 

For example, the definition will look like this if traffic to "bluecoat.com" should go DIRECT from local proxy: 
 
define condition BC_Cloud_Proxy_Bypass_List
   url.host.is_private=yes ; internal traffic
    ; Add any other public IPs that are not to route to the Web Security Service
    url.domain=portal.threatpulse.com; threatpulse portal
    url.domain=bluecoat.com ; style sheets
    url.domain=bluecoat.com
end
 
define condition BC_Cloud_Forward_Bypass_List
    server_url.host.is_private=yes ; internal traffic
    health_check=yes ; Normally, don't forward health checks
    ; And any other additions required to keep it in line
    ; with the above BC_Cloud_Proxy_Bypass_List
    server_url.domain=portal.threatpulse.com; threatpulse portal
    server_url.domain=bluecoat.com
end