Skip to end of metadata
Go to start of metadata


Description:

In isolated cases it can happen, that particular web pages (or applications which use HTTP(S) for communication) cannot be invoked when using the HTTP(S)-Proxy. In such a case it is necessary to create an exception for such a web page / application, so that the traffic isn't routed via the HTTP(S)-Proxy.

This article describes the options to create a bypass for particular web pages / applications, so that they aren't filtered by the HTTP(S)-Proxy.

The URLs and IP addresses needed for Microsoft 365 (formerly Office 365) can be found on the Microsoft 365 help page.


Requirements:


Procedure:

1) Entering the DNS name in the HTTP-Proxy:

1.1) Open the configuration of the Unified Firewall in a web browser and go to the menu UTM → Proxy → HTTP Proxy Settings.

1.2) Enter the desired web page in the Whitelist and click on the "Plus" button to add it to the list.

Click on Save afterwards.

Please note, that the Whitelist doesn't evaluate the URL but simply the SAN (Subject Alternative Name) of the SSL certificate. Thus it can occur, that individual sub domains cannot be invoked.



2) Creating a separate firewall rule with the public IP address of the web server:

2.1) Open the configuration of the Unified Firewall in a web browser and click on the button to Create a host.

Please note, that only one IP address can be entered in a host object. Thus, if several IP addresses are needed, you have to create a host/network group.

2.2) Edit the following parameters and click Create:

  • Name: Enter a meaningful name for the web page object.
  • Connected to: In the dropdown-menu select the object internet.
  • IP Adress: Enter the public IP address of the web page, for which the exception should be created.

If you have several internet connections and the web page should be reachable via all of these connections, you have to set the parameter Connected to to any. Otherwise you would have to create a host object for each internet connection.

2.3) On the desktop click on the network object, select the Connection Tool and click on the host object created in step 2.2).

2.4) From the protocol list add HTTP and HTTPS.

2.5) For the protocol HTTP click once on the green arrow under Action so it points to the right and then click on None under Options.

2.6) For the parameter NAT / Masquerading select the option left-to-right and click OK.

2.7) Repeat the steps 2.5) and 2.6) for the protocoll HTTPS.

2.8)  The connection now has to look as follows. Click on Create afterwards.

2.9) Click on Activate, so that the changes are implemented by the Unified Firewall.