Bypassing authentication and filtering for internal networks

If you have an approved edge device that connects to the cloud service, you can override policy authentication and content filtering settings based on the IP addresses in your internal networks, so that specific nodes in a network (for example, guest networks) either are forced to authenticate using an alternative method or are not authenticated at all.

If there is a conflict between the settings in this section and the settings in Bypassing authentication and filtering for user agents or sites, the IP address settings for the internal network take precedence.

To add a setting for an internal network:

Steps

  1. On the Authentication Bypass tab, click Add under Internal Network Traffic.
  2. Enter a Name for the rule. This name appears in the internal networks list on the Bypass Settings page, and you can click on it at a later date to edit your settings.
  3. Select the Authentication method for the rule. Note that you can only select a fallback option for the authentication type configured in the policy. For example, if the policy specifies NTLM identification, you can select Basic or No authentication, but not Form login.
    • Use defaults: Uses your default authentication method.
    • NTLM: Uses NTLM identification for the specified internal network(s). If an application is not NTLM-capable, basic authentication will be used instead. For more information about NTLM identification, see NTLM transparent identification.
      Note: You must have NTLM identification enabled for your account to use this option.
    • Form login: Displays the secure login form to users before they use their cloud credentials to proceed over a secure connection. For more information, see Access Control tab.
    • Basic: Uses the basic authentication mechanism supported by many web browsers. No welcome page is displayed. For more information on basic authentication, see Access Control tab.
    • No authentication: Bypasses all authentication and identification methods in the cloud service. Select this option for internal networks that should never use authentication credentials.
  4. Content analysis is enabled by default. Optionally, you can bypass all filtering for the specified internal network(s) by selecting Disabled.
    Warning: We strongly recommend you do not disable content filtering unless it is for applications and sites that do not work with the cloud service and that you trust implicitly. Disabling content filtering overrides all other filtering rules, including web category filtering actions. This means that all content is allowed. This could allow viruses and other malware into your network.
  5. To specify the internal network details, click Add.
    1. Enter a name for the network (for example, “Guest Network”).
    2. Select the network type. This can be an individual IP address, an IP address range, or a subnet.
    3. Enter the IP address, range, or subnet details.
    4. Click OK when you are done.
  6. Click Save.
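
Once rules like these exist, it is worth reviewing them periodically. The following is an added example, not part of the product or its documentation: it normalizes the three network types described in step 5 and flags rules that disable content analysis, rules that skip authentication for a large address space, and rules whose networks overlap. The rule inventory layout, field names, sample addresses, and the 1024-address threshold are assumptions of this example; the rules are transcribed by hand from the Bypass Settings page.

```python
import ipaddress

# Constructed sample inventory, transcribed by hand from the Bypass Settings page.
# The dict layout and field names are assumptions, not a product export format.
RULES = [
    {"name": "Guest Network", "auth": "No authentication", "content_analysis": False,
     "networks": [("subnet", "192.168.50.0/24")]},
    {"name": "Lab printers", "auth": "Basic", "content_analysis": True,
     "networks": [("range", "192.168.50.200-192.168.50.220"), ("ip", "10.1.2.3")]},
    {"name": "Kiosks", "auth": "No authentication", "content_analysis": True,
     "networks": [("subnet", "10.20.0.0/16")]},
]

def to_networks(kind, value):
    """Normalize an individual IP, an IP range, or a subnet into CIDR networks."""
    if kind == "ip":
        return [ipaddress.ip_network(value)]  # single host (/32 or /128)
    if kind == "subnet":
        return [ipaddress.ip_network(value, strict=False)]
    if kind == "range":
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    raise ValueError(f"unknown network type: {kind}")

def audit(rules, max_addresses=1024):
    """Return (rule name, issue) pairs; max_addresses is an arbitrary review threshold."""
    findings, expanded = [], []
    for rule in rules:
        nets = [n for kind, value in rule["networks"] for n in to_networks(kind, value)]
        expanded.append((rule["name"], nets))
        size = sum(n.num_addresses for n in nets)
        if not rule["content_analysis"]:
            findings.append((rule["name"], "content analysis disabled: all filtering bypassed"))
        if rule["auth"] == "No authentication" and size > max_addresses:
            findings.append((rule["name"], f"no authentication for {size} addresses"))
    # Overlaps are flagged for manual review: the same node matches two rules.
    for i, (name_a, nets_a) in enumerate(expanded):
        for name_b, nets_b in expanded[i + 1:]:
            if any(a.overlaps(b) for a in nets_a for b in nets_b):
                findings.append((name_a, f"address overlap with rule '{name_b}'"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(RULES):
        print(f"{name}: {issue}")
```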