Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

Ironport Bypass local address

Hi,

Is there a way to bypass local addresses / intranet on ironport without using a pac file or WCCP?

For we have a local web server.

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Ironport Bypass local address

Richard,

You can put the IP of the internal web server in the bypass list under Web Security Manager>Bypass Settings.

Anything to or from that web server won't be scanned by the WSA.

Ken

6 REPLIES

Ironport Bypass local address

Richard,

You can put the IP of the internal web server in the bypass list under Web Security Manager>Bypass Settings.

Anything to or from that web server won't be scanned by the WSA.

Ken

New Member

Ironport Bypass local address

Hi,

Thanks for the reply. So it doesn't matter if your using explicit or transparent mode?

Using Bypass settings will let you bypass local servers?

thanks

Ironport Bypass local address

No, it doesn't matter if you're in explicit or transparent mode.

It makes the WSA not inspect traffic to or from IPs or domains listed in the bypass settings. 

Cisco Employee

Ironport Bypass local address

Hi Richard,

The Bypass settings are used only when the device is deplyed in transparent mode (WCCP mode). If you have the client browsers point explicitly to IronPort, the Bypass settings are not considered.

If you are not using WCCP and PAC files, then other option would be use

"bypass proxy sever for local addresses" on the browser.

New Member

Ironport Bypass local address

Hi,

is there any other way to allow intranet on ironport without using PAC file / WCCP or going to every workstation allowing to bypass for local addresses?

Thanks

New Member

Ironport Bypass local address

Group Policy can be used to configured Windows PCs on a domain to not have to touch them all, but the PAC file (using the WPAD dns entry) or WCCP is a much more comprehensive solution since the ACL attached to WCCP would let the traffic that needs to flow directly (and cover all devices in the case of devices not applying group policies such as non-Windows OSs and non-domain PCs) or in the PAC file to have the logic that will run client side to determine what is local and what needs to be proxied (or use multiple proxies, etc.)

3152
Views
0
Helpful
6
Replies
CreatePlease login to create content