Bypassing authentication and filtering for internal networks
If you have an approved edge device that connects to the cloud service, you can override policy authentication and content filtering settings based on the IP addresses in your internal networks, so that specific nodes in a network (for example, guest networks) are forced to authenticate using an alternative method, or will not be authenticated at all.
If there is a conflict between the settings in this section and the settings in Bypassing authentication and filtering for user agents or sites, the IP address settings for the internal network take precedence.
To add a setting for an internal network: