Adding and importing sites that bypass the proxy

The Proxy Bypass tab of the Bypass Settings page enables you to define sites that bypass the cloud service for all policies. This may include, for example, internal sites that are not accessible from the Internet, so the cloud service cannot serve or analyze them.

A proxy bypass destination can be a domain name, an IP address, or a subnet.

Both the Proxy Connect and Direct Connect endpoint clients use the bypass definitions. In the case of the Neo or Direct Connect endpoint, destinations in the bypass list are not analyzed by the cloud service.

When a PAC file is used to direct traffic through the cloud proxy, configured destinations are added to the PAC file for your organization.

If your organization uses Microsoft Office 365, select the Office 365 box under Cloud Applications and click Save to bypass the cloud service for sites and URLs associated with Office 365.


	Note The URLs included in the bypass list for Office 365 are those domains that are owned by Microsoft and used directly by the Office 365 application, listed here: https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges This list also includes third-party URLs that host Certificate Revocation Lists (CRLs), which are not included in the bypass when you select the Office 365 checkbox. Bypassing these domains may not be appropriate for all customers. If you have difficulty installing or using Office 365 with this option selected, you may need to add one or more of these additional URLs as non-proxied domains. If you need further assistance, please contact Technical Support.

You can also configure policy-specific bypass destinations on the Connections tab of each policy. For more information, see Proxy bypass.

To add a new bypass destination:

Click Add.

Enter a Name and helpful Description for the destination.

Specify the destination Type, then enter the Address (single IP address), Subnet (using CIDR notation or subnet mask), or Domain.

If the traffic should bypass the cloud proxy, but go through a third-party proxy in your network, mark Send traffic to another proxy.

Use the optional Comment box to add helpful information, such as why the entry was created.

Click Submit.

To import bypass destinations in bulk:

Click Import Destinations.

Click the CSV template link, and save the template in a location of your choice.

Add the bypass destination information to the template file.

The template file contains the following columns: Name, Type, Destination, and Description. Only Description is optional; all other columns must be filled in. Ensure the Type column contains either Address, Domain, or Subnet, and any destinations with the Subnet type use CIDR notation. For example:

Name Type Destination Description

Dest1 Domain destination1.com Here is a description

Dest2 Address 154.10.2.36 Another description

Dest3 Subnet 154.10.2.38/19 Yet another description

Save the file.

On the Import Destinations page, browse to your CSV file, then click Import.

Once the destinations are successfully imported, the Import Destinations page closes and the imported destinations are listed on the Proxy Bypass tab. If the import fails, any errors are listed on the Import Destinations page. Each error states which line of the CSV file is affected, and explains the problem; fix any issues before trying the import process again.


	Note You can add a total of 1000 proxy bypass destinations per policy. Account-level bypass destinations (added via Web > Proxy Bypass) count towards this limit for each policy. For example, if your policy has 10 bypass destinations, and you have 10 account-level bypass destinations, this is counted as a total of 20 destinations for the policy.