In a chaining proxy environment, how can downstream proxy administrative download traffic (such as WebFilter, CachePulse, Appliance Certificate Request, License Key Automatic Installation, et c.) be forced to go direct to the internet without being forwarded to an upstream Symantec ProxySG or Advanced Secure Gateway (ASG)?

The following option will ensure a downstream proxy to connect directly to the Internet for administrative download

1. From Management Console GUI, select Configuration tab > Forwarding > Forwarding Hosts > Global Defaults tab
2. Configure the General Settings and uncheck the Use forwarding for administrative downloads option
3. This option is enabled by default once the Forwarding host is created

The prerequisite is that the downstream ProxySG and ASG must be able to perform DNS lookup directly towards external Symantec domains.