Proxy Chain to Explicit Proxy Exclusions - Commercial Cloud
When a user device with the SmartEdge agent 2.1.0 or higher version comes to the Explicit Proxy configured Site (branch office), then the Cloud SWG Explicit Proxy and the SmartEdge agent interoperate based on Agent Override Settings.
You must bypass the following domains on your firewall for the Agent Proxy Chain configuration to work correctly while using SmartEdge Agent 2.1.0 or higher version with Cloud SWG Explicit Proxy.
Cloud SWG
| URL/Domain | Description |
|---|---|
| d3loxeqnrcs4xe.cloudfront.net | PAC file |
| <tenant domain>-prod.swg.forcepoint.io:8081 | Cloud SWG Endpoint |
| Any tenant-created bypass domains | Tenant specific bypassed domains |
Non-Tunnel Traffic
| Domains | Description |
|---|---|
| portal.bitglass.com | Configurations |
| fonts.googleapis.com | Portal (font/images/scripts) |
|
ajax.aspnetcdn.com cdnjs.cloudflare.com code.jquery.com |
Scripts for portal.bitglass.com |
| s3.us-west-2.amazonaws.com | Images for custom apps |
| kinesis.us-west-2.amazonaws.com | Agent Logging |
|
direct.smartedgehealth.com d1r2dt8m1uujih.cloudfront.net |
Agent Health check On Port 80 and 443 |
| bg-prod-ova.s3.amazonaws.com | Portal (Discovery/ZTNA ISO/files) |
|
cv.bitglass.com cvr.bitglass.com |
Agent Configuration |
| icap-service.btglss.net/icap/download_dlp | ICAP download DLP to Dataplanes |
| saseagent.bgsecure.net | Agent Dataplane Traffic |
| btglss.net | Agentless or reverse proxied application access |
| smartedge-agent-svcs-apigw.bitglass.com | Explicit Proxy Configuration and Agent Override settings |
| d3loxeqnrcs4xe.cloudfront.net | Agent PAC file |
|
d1lrg2q2l2g9t3.cloudfront.net d35yjcem1gita5.cloudfront.net dmksmfp72wh99.cloudfront.net |
Agent Configurations |
| <tenant name>.swg.forcepoint.io | Cloud SWG Explicit Proxy address on Port 8081 |
| *.sso.bitglass.com | Login client cert check |
|
a2j7y6458wz48c-ats.iot.us-east-1.amazonaws.com a2j7y6458wz48c-ats.iot.us-east-2.amazonaws.com a2j7y6458wz48c-ats.iot.us-west-2.amazonaws.com a2j7y6458wz48c-ats.iot.ap-southeast-1.amazonaws.com a2j7y6458wz48c-ats.iot.ap-southeast-2.amazonaws.com a2j7y6458wz48c-ats.iot.eu-west-2.amazonaws.com a2j7y6458wz48c-ats.iot.eu-central-1.amazonaws.com |
Agent Tray IOT Notifications |
|
*.rbi.forcepoint.com *-prod.rbi.forcepoint.net |
RBI On Ports 30000–32767 |
| bitglass-prod-agent-artifacts.s3.amazonaws.com | Portal (DirSync Agent) |
|
ztnarouter.bitglass.com ztnaagent.bgsecure.net |
ZTNA |
| ztnahaproxy-us-west-2a-bank2.bitglass.com | ZTNA Load Balancer |
|
cdn.walkme.com ec.walkme.com ec-playback.walkme.com papi.walkme.com s3.walkmeusercontent.com |
Walk-Me Portal Assistance |
| support.forcepoint.com | Forcepoint Support portal |
|
All bypassed domains in Agent and Explicit Proxy PAC files |
All Domains
| Domains | Description |
|---|---|
|
proxy.smartedgehealth.com d1r2dt8m1uujih.cloudfront.net |
Agent Health check port 80 and 443 |
| <dashified domain>-<ID>.ztna.bitglass.com | Agentless ZTNA |
| bitglass.com | Dataplane session |