Configuring exceptions

If there are any hosts that you do not want to use the proxy service, you must configure an exception for them. Minimally, you should add those hosts that are in the PAC file that is downloaded from the Forcepoint Web Security Cloud service (see Proxy auto-configuration (PAC) file in the Forcepoint Web Security Cloud help for more details).

You should also configure direct access to the cloud portal to allow the following:
  • Correct display of block pages
  • End-user self-registration
If you are using the roaming user home page, it should also be configured as an exception. The URL is:
http://home.webdefence.global.blackspider.com/
  1. To configure exceptions, click Firewall Policy, then select Network Objects from the Toolbox.

  2. Right-click Domain Name Sets and click New Domain Name Set.

  3. Give the new set a name (e.g., Forcepoint Web Security Cloud Unproxied). In the Domain names included in this set section, add all Forcepoint Web Security Cloud global exceptions (from the Forcepoint Web Security Cloud PAC file). These include the following Microsoft Windows update sites:
    download.microsoft.com
ntservicepack.microsoft.com
cdm.microsoft.com
wustat.windows.com
windowsupdate.microsoft.com
*.windowsupdate.microsoft.com
update.microsoft.com
*.update.microsoft.com
*.windowsupdate.com
    Also, add the following cloud service sites:
    www.blackspider.com
mailcontrol.com
home.webdefence.global.blackspider.com
webdefence.global.blackspider.com

    Include any other exceptions appropriate for your environment.

  4. Click OK and Apply changes.
  5. Navigate back to the proxy chaining policy you created above, open the policy and click the To tab.
  6. In the Exceptions section, click Add.

  7. Expand Domain Name Sets, select the domain set you just created (Forcepoint Web Security Cloud Unproxied), and click Add.
  8. Click Close on Add Network Entities.
  9. Click OK on the web chaining policy and Apply the changes.