Configure Cloud Security Gateway bypass settings

Cloud Security Gateway bypass settings direct traffic for specific domains to an alternative service using an entry in the PAC file used by endpoint for traffic steering. Private Access uses this capability to recognize traffic for your internal applications and to direct it to the appropriate Private Access service edge.

For each internal application that your Cloud Security Gateway users will need to access remotely, create a bypass destination that forwards traffic destined for the application's external FQDN to the appropriate Private Access service edge, using the alternate proxy setting.

Note: You can add bypass settings at the account or the policy level in the Cloud Security Gateway portal. For ease of management, Forcepoint recommends using account-level bypasses, as described below.

1. Sign in to the Cloud Security Gateway portal.
2. Go to Web > Bypass Settings.
3. Click the Proxy Bypass tab.
4. In the Proxy Bypass list, click Add.
5. Give the entry a name and an optional description, for example the name of the internal application. We recommend you use the name of the private application, as defined in the Private Access management portal.
6. Set the Type drop-down menu to Domain.
7. In the Domain box, add the external FQDN for the private application, as defined in the Private Access management portal.
   The External FQDN is found in the Private Access management portal, under Administration > Connectivity > Private applications. Click the name of the private application in the list to view its details.
8. Check Send traffic to another proxy.
9. In the box that appears, enter the service edge address for the private application, as given in the Private Access management portal.
   The Service edge address is found in the Private Access management portal, under Administration > Connectivity > Private applications. Click the name of the private application in the list to view its details.
10. Click Submit.