cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6403
Views
0
Helpful
6
Replies

Ironport Bypass local address

Hi,

Is there a way to bypass local addresses / intranet on ironport without using a pac file or WCCP?

For we have a local web server.

Thanks

1 Accepted Solution

Accepted Solutions

Richard,

You can put the IP of the internal web server in the bypass list under Web Security Manager>Bypass Settings.

Anything to or from that web server won't be scanned by the WSA.

Ken

View solution in original post

6 Replies 6

Richard,

You can put the IP of the internal web server in the bypass list under Web Security Manager>Bypass Settings.

Anything to or from that web server won't be scanned by the WSA.

Ken

Hi,

Thanks for the reply. So it doesn't matter if your using explicit or transparent mode?

Using Bypass settings will let you bypass local servers?

thanks

No, it doesn't matter if you're in explicit or transparent mode.

It makes the WSA not inspect traffic to or from IPs or domains listed in the bypass settings. 

Hi Richard,

The Bypass settings are used only when the device is deplyed in transparent mode (WCCP mode). If you have the client browsers point explicitly to IronPort, the Bypass settings are not considered.

If you are not using WCCP and PAC files, then other option would be use

"bypass proxy sever for local addresses" on the browser.

Hi,

is there any other way to allow intranet on ironport without using PAC file / WCCP or going to every workstation allowing to bypass for local addresses?

Thanks

Group Policy can be used to configured Windows PCs on a domain to not have to touch them all, but the PAC file (using the WPAD dns entry) or WCCP is a much more comprehensive solution since the ACL attached to WCCP would let the traffic that needs to flow directly (and cover all devices in the case of devices not applying group policies such as non-Windows OSs and non-domain PCs) or in the PAC file to have the logic that will run client side to determine what is local and what needs to be proxied (or use multiple proxies, etc.)