Add sites to the Bypass List in the Cloud SWG (formerly known as WSS)
search cancel

Add sites to the Bypass List in the Cloud SWG (formerly known as WSS)

book

Article ID: 168700

calendar_today

Updated On:

Products

Endpoint Protection Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

You want to add sites to the Bypass List in the Symantec Cloud SWG (formerly known as WSS), or review the list of bypassed sites.

Resolution

IMPORTANT: Bypassed sites only apply to locations that use the Explicit Proxy and WSS Agent access methods to connect to Cloud SWG.  Symantec Endpoint Protection's (SEP) Cloud and Web access Protection enabled in PAC file mode (previously known as SEP WTR) is considered an explicit access method.  Bypassed sites will not be effective for IPSEC (see notes below on how to bypass traffic for IPSEC connections) or Proxy Forwarding/Chaining to Cloud SWG.

To add sites to a bypass list:

  1. Log in to Cloud SWG Portal
  2. Navigate to Connectivity
  3. Under Setup and Configuration > Select Bypassed Traffic
  4. Choose one of the following methods:
    • Bypassed IPs/Subnets tab.
      • Cloud SWG will bypass traffic that is sent to IP addresses/subnets in this list.
      • Applies to traffic from the WSS Agent and is available in PAC files for SEP endpoints and Explicit Proxy locations
      • For further information to implement "Bypassed IPs/Subnets," see Prevent IP/Subnet From Routing to the Web Security Service
    • Bypass Domains tab.
      • Cloud SWG will bypass traffic that is sent to domains in this list.
      • Applies to traffic from the WSS Agent and is available in PAC files for SEP endpoints and Explicit Proxy locations
      • For further information to implement "Bypass Domains," see Prevent a Domain From Routing to the Web Security Service
    • Bypass Executables tab.
      • Applies to traffic from the WSS Agent version 7.1.1 or later
      • Beginning with WSS Agent version 7.3.1 or later you are able to use wildcards for application bypasses, see Bypass Applications in WSSA
      • The WSS Agent will not send traffic from these executables to WSS

Notes:

  • On premises where a Remote Internet Proxy is used on end-user hosts, bypassing that Internet Proxy on our service implies bypassing all Internet traffic.
  • For the Firewall/VPN and Proxy forwarding methods, it is necessary to bypass IP/subnets at the firewall/proxy gateway before they reach Cloud SWG.
  • For IPSEC and Explicit Proxy over IPSEC access methods, sites added to the bypass list are still sent to the WSS proxy.  The only way to prevent this from occurring, is to configure the router/firewall to exclude that traffic from the IPSEC tunnel, before it reaches the Cloud SWG.
Powered by Wolken Software