Proxy Chain to Explicit Proxy Exclusions - Commercial Cloud

When a user device with the SmartEdge agent 2.1.0 or higher version comes to the Explicit Proxy configured Site (branch office), then the Cloud SWG Explicit Proxy and the SmartEdge agent interoperate based on Agent Override Settings.

You must bypass the following domains on your firewall for the Agent Proxy Chain configuration to work correctly while using SmartEdge Agent 2.1.0 or higher version with Cloud SWG Explicit Proxy.

Cloud SWG

URL/Domain Description
d3loxeqnrcs4xe.cloudfront.net PAC file
<tenant domain>-prod.swg.forcepoint.io:8081 Cloud SWG Endpoint
Any tenant-created bypass domains Tenant specific bypassed domains

Non-Tunnel Traffic

Domains Description
portal.bitglass.com Configurations
fonts.googleapis.com Portal (font/images/scripts)

ajax.aspnetcdn.com

cdnjs.cloudflare.com

code.jquery.com

Scripts for portal.bitglass.com
s3.us-west-2.amazonaws.com Images for custom apps
kinesis.us-west-2.amazonaws.com Agent Logging

direct.smartedgehealth.com

d1r2dt8m1uujih.cloudfront.net

Agent Health check

On Port 80 and 443

bg-prod-ova.s3.amazonaws.com Portal (Discovery/ZTNA ISO/files)

cv.bitglass.com

cvr.bitglass.com

Agent Configuration
icap-service.btglss.net/icap/download_dlp ICAP download DLP to Dataplanes
saseagent.bgsecure.net Agent Dataplane Traffic
btglss.net Agentless or reverse proxied application access
smartedge-agent-svcs-apigw.bitglass.com Explicit Proxy Configuration and Agent Override settings
d3loxeqnrcs4xe.cloudfront.net Agent PAC file

d1lrg2q2l2g9t3.cloudfront.net

d35yjcem1gita5.cloudfront.net

dmksmfp72wh99.cloudfront.net

Agent Configurations
<tenant name>.swg.forcepoint.io Cloud SWG Explicit Proxy address on Port 8081
*.sso.bitglass.com Login client cert check

a2j7y6458wz48c-ats.iot.us-east-1.amazonaws.com

a2j7y6458wz48c-ats.iot.us-east-2.amazonaws.com

a2j7y6458wz48c-ats.iot.us-west-2.amazonaws.com

a2j7y6458wz48c-ats.iot.ap-southeast-1.amazonaws.com

a2j7y6458wz48c-ats.iot.ap-southeast-2.amazonaws.com

a2j7y6458wz48c-ats.iot.eu-west-2.amazonaws.com

a2j7y6458wz48c-ats.iot.eu-central-1.amazonaws.com

Agent Tray IOT Notifications

*.rbi.forcepoint.com

*-prod.rbi.forcepoint.net

RBI

On Ports 30000–32767

bitglass-prod-agent-artifacts.s3.amazonaws.com Portal (DirSync Agent)

ztnarouter.bitglass.com

ztnaagent.bgsecure.net

ZTNA
ztnahaproxy-us-west-2a-bank2.bitglass.com ZTNA Load Balancer

cdn.walkme.com

ec.walkme.com

ec-playback.walkme.com

papi.walkme.com

s3.walkmeusercontent.com

Walk-Me Portal Assistance
support.forcepoint.com Forcepoint Support portal
  • All domains going direct in the Agent PAC File URL
  • All domains going direct in the Explicit Proxy PAC File
All bypassed domains in Agent and Explicit Proxy PAC files

All Domains

Domains Description

proxy.smartedgehealth.com

d1r2dt8m1uujih.cloudfront.net

Agent Health check

port 80 and 443

<dashified domain>-<ID>.ztna.bitglass.com Agentless ZTNA
bitglass.com Dataplane session