Add or review sites to the bypass list in Web Security Service

book

Article ID: 168700

calendar_today

Updated On:

Products

Endpoint Protection Web Security Service - WSS

Issue/Introduction

You want to add sites to the bypass list in the Symantec Web Security Service (WSS), or review the list of bypassed sites.

Resolution

IMPORTANT: Bypassed sites only apply to locations that use the Explicit Proxy and Unified Agent / WSS Agent (v4.4+) access methods to connect to WSS.  Symantec Endpoint Protection's (SEP) WSS Traffic Redirection (WTR) is considered an explicit access method.  Bypassed sites will not be effective for IPSEC (see notes below on how to bypass traffic for IPSEC connections).

To add sites to a bypass list:

  1. Log in to Web Security Service Portal
  2. Navigate to Connectivity
  3. Under Setup and Configuration > Select Bypassed Traffic
  4. Choose one of the following methods:
    • Bypassed IPs/Subnets tab.
      • WSS will bypass traffic that is sent to IP addresses/subnets in this list.
      • Applies to traffic from the WSS Agent and is available in PAC files for SEP endpoints and Explicit Proxy locations
      • For further information to implement "Bypassed IPs/Subnets," see Prevent IP/Subnet From Routing to the Web Security Service
    • Bypass Domains tab.
      • WSS will bypass traffic that is sent to domains in this list.
      • Applies to traffic from the WSS Agent and is available in PAC files for SEP endpoints and Explicit Proxy locations
      • For further information to implement "Bypass Domains," see Prevent a Domain From Routing to the Web Security Service
    • Bypass Executables tab.
      • Applies to traffic from the WSS Agent version 7.1.1 or later
      • The WSS Agent will not send traffic from these executables to WSS

Notes:

  • On premises where a Remote Internet Proxy is used on end-user hosts, bypassing that Internet Proxy on our service implies bypassing all Internet traffic.
  • For the Firewall/VPN and Proxy forwarding methods, it is necessary to bypass IP/subnets at the firewall/proxy gateway before they reach WSS.
  • For IPSEC and Explicit Proxy over IPSEC access methods, sites added to the bypass list are still sent to the WSS proxy.  The only way to prevent this from occurring, is to configure the router/firewall to exclude that traffic from the IPSEC tunnel, before it reaches the WSS.