You can allow access to update servers and other destinations where updates are retrieved from globally without restricting it by anything. Retrieving these updates is required for the filtering process, including, for example, updates of certificate revocation lists or malware patterns.
When a request for access to any of these web objects is received on Secure Web Gateway, filtering is bypassed for all the rules in this rule set and the rule sets that follow it on the policy tree, which means they are not processed anymore.
This ensures that the web objects you configure here can be accessed, regardless of any other rule that might still block this access.
- On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.
From the policy tree in the navigation panel, select Global Bypass > Update Server Bypass.
The selected rule set appears in the configuration area on the right.
Configure when this rule set should apply.
Under Criteria, leave the default All Traffic, as you want the rules in this rule set to apply to all web traffic.
- Next to Applies to, leave the default Request, as you want the rules in this rule set to be processed in the request cycle of web filtering on Secure Web Gateway.
Configure the rules that are preset in this rule set as needed.
These rules are shown under Preset Rules. For example, there's a rule that allows bypassing for requests to access Microsoft Windows update servers.
Click a rule that is marked in blue to open a panel with more information about it.
For example, when you click the rule for the Microsoft Windows update servers, a list of relevant host names is shown.
- Enable or disable any of the rules. Use the toggle checkbox at the beginning of the row for a rule to do this.
You can also create rules of your own and add them to this rule set. Click the three dots at the end of the top row and select the option for creating a new rule from the drop-down menu.
This menu also includes an option for reviewing and modifying the underlying code for a rule set.
To enable or disable the complete rule set, use the On/Off toggles.
The filtering process now follows what you have configured for the rules that allow the bypassing of web filtering when a user sends a request to access an update server.