Cloud Proxy Forwarding - How to prevent the Local ProxySG from forwarding request to Cloud Services for specific destinations.

book

Article ID: 168917

calendar_today

Updated On:

Products

CDP Integration Server ProxySG Software - SGOS

Issue/Introduction

By default Cloud Forward policy will forward all internet traffic to cloud services.
This article explains how to send request to specific destinations DIRECT from ProxySG bypassing Cloud services. 

Resolution

The existing Cloud “Proxy Forwarding policy” should be modified to prevent the local ProxySG to forward the traffic to Cloud services.
The following section on the default “Proxy Forwarding policy” should be modified to send specific URL requests to go DIRECT from Local ProxySG.
The destinations should be added into the following two definitions.
 
define condition BC_Cloud_Proxy_Bypass_List
   url.host.is_private=yes ; internal traffic
    ; Add any other public IPs that are not to route to the Web Security Service
    url.domain=portal.threatpulse.com; threatpulse portal
    url.domain=bluecoat.com ; style sheets
end
 
define condition BC_Cloud_Forward_Bypass_List
    server_url.host.is_private=yes ; internal traffic
    health_check=yes ; Normally, don't forward health checks
    ; And any other additions required to keep it in line
    ; with the above BC_Cloud_Proxy_Bypass_List
    server_url.domain=portal.threatpulse.com; threatpulse portal
end

 
For example, the definition will look like below if all request to www.bluecoat.com should go DIRECT from local proxy.
 
define condition BC_Cloud_Proxy_Bypass_List
   url.host.is_private=yes ; internal traffic
    ; Add any other public IPs that are not to route to the Web Security Service
    url.domain=portal.threatpulse.com; threatpulse portal
    url.domain=bluecoat.com ; style sheets
    url.domain=bluecoat.com
end
 
define condition BC_Cloud_Forward_Bypass_List
    server_url.host.is_private=yes ; internal traffic
    health_check=yes ; Normally, don't forward health checks
    ; And any other additions required to keep it in line
    ; with the above BC_Cloud_Proxy_Bypass_List
    server_url.domain=portal.threatpulse.com; threatpulse portal
    server_url.domain=bluecoat.com
end