Static bypass rules

You can configure bypass rules to direct requests from certain clients or to particular origin servers around the proxy. Unlike dynamic bypass rules that are purged when you restart the proxy, these static bypass rules are saved in a configuration file.

You can configure 3 types of static bypass rules:

• Source bypass, in which Content Gateway bypasses a particular source IP address or range of IP addresses.
• Destination bypass, in which Content Gateway bypasses a particular destination IP address or range of IP addresses. For example, these could be origin servers that use IP authentication based on the client’s real IP address.
• Source/destination pair bypass, in which Content Gateway bypasses requests that originate from the specified source to the specified destination. For example, you could route around specific client-server pairs that experience broken IP authentication or out of band HTTP traffic problems.

  Source/destination bypass rules might be preferable to destination rules because they block a destination server only for those particular users that experience problems.

  To configure static bypass rules, edit the bypass.config file (See bypass.config).

  Note: When Content Gateway bypass is enabled on the Web > Settings > Scanning > Bypass Settings page of the Forcepoint Security Manager, appropriate rules are added to bypass.config.