Skyhigh Security

Firewall Configuration Examples

The following examples show the configuration required in the Client Proxy policy file and on the Firewall Settings tab for common scenarios:

Configure firewall settings in the same Client Proxy policy in which you have configured the bypass list. 

  1. Go to Settings > Infrastructure > Client Proxy Management > Firewall Settings.

  2. In the Firewall Redirection mode section, select one of the following:
  • Send All Traffic to Firewall — Sends all traffic to Cloud Firewall. You can configure domains, IP addresses, ports, and processes in the Firewall Exception List to bypass the Cloud Firewall.

In the note "The Gateway is enabled. Before you save the configuration, follow these steps", you can click "steps" to check the configuration details.

  • Exclude All Traffic from Firewall — No traffic is passed to Cloud Firewall. When you select this option, Cloud Firewall policy stands down and all traffic is managed by Client Proxy policy. However, you can configure domains, IP addresses, ports, and processes in the Firewall Exception List to redirect traffic through the Cloud Firewall.

Send all traffic to Client Proxy

Client Proxy Configuration
  • Regular Client Proxy configuration on ports 80 and 443
  • Add a proxy bypass for the traffic that needs to be bypassed

Firewall Settings
  • Set the Firewall Enabled setting to OFF

Outcome
  • All web traffic is intercepted and goes to Client Proxy
  • Bypassed traffic goes directly to the Internet

Send all traffic to Cloud Firewall

Client Proxy Configuration

Do one of the following:

  • In the Proxy Bypass tab, bypass all the web traffic you want to send to the Firewall.
  • Create a dummy gateway (DIRECT.SCP) and select that as the Primary Gateway.

Firewall Settings
  • Set the Firewall Enabled setting to ON
  • Select Send All Traffic to Firewall
  • Leave the Firewall Exception List empty

Outcome
  • All traffic goes via Cloud Firewall and no traffic goes to Client Proxy

Bypass Zoom and Teams traffic at proxy and send via Cloud Firewall

Client Proxy Configuration
  • Regular Client Proxy configuration on ports 80 and 443
  • Configure the bypass list with Zoom- and Teams-related domains, IP addresses, and processes

Firewall Settings
  • Set the Firewall Enabled setting to ON
  • Select Send All Traffic to Firewall
  • Leave the Firewall Exception List empty

Outcome
  • Zoom and Teams traffic is forwarded to the cloud via Cloud Firewall

Forward Zoom traffic via Cloud Firewall, send certain domains to the local proxy, and bypass certain domains directly to the Internet

Client Proxy Configuration
  • Enable list-based redirection using Alternate Gateway
  • Add the domains to be redirected to the local proxy to the Alternate Gateway redirection lists
  • Bypass Zoom-related domains, IP addresses, or processes
  • Bypass traffic that needs to go directly to the Internet

Firewall Settings
  • Set the Firewall Enabled setting to ON
  • Select Send All Traffic to Firewall
  • Configure the entries that should bypass the Cloud Firewall in the Firewall Exception List

Outcome
  • Domains added to the Alternate Gateway redirection list go to the local proxy
  • Zoom traffic is forwarded via Cloud Firewall
  • Traffic configured in the Firewall Exception List is bypassed and sent directly

Send specific traffic via Cloud Firewall and bypass the rest

Client Proxy Configuration

Do one of the following:

  • In the Proxy Bypass tab, bypass all the web traffic you want to send to the Firewall.
  • Create a dummy gateway (DIRECT.SCP) and select that as the Primary Gateway.

Firewall Settings
  • Set the Firewall Enabled setting to ON
  • Select Exclude All Traffic from Firewall
  • Configure the entries that should be sent via the Cloud Firewall in the Firewall Exception List

Outcome
  • Traffic configured in the Firewall Exception List goes via Cloud Firewall and the rest is bypassed
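
A planned policy can be checked against the five outcomes above before rollout, in particular to list which destinations would leave the endpoint without proxy or firewall inspection. The following is an added example, not Skyhigh code: a simplified Python model of the routing these examples describe. It assumes Client Proxy lists are evaluated before the Firewall Settings and models domains only; the Policy fields, function names and domain names are hypothetical.

```python
from dataclasses import dataclass, field

# Simplified model inferred from the five outcomes on this page; not Skyhigh code.
# Assumption: Client Proxy lists are evaluated first, and only traffic bypassed
# at the proxy is subject to the Firewall Settings. Only domains are modelled.

@dataclass
class Policy:
    proxy_bypass: set = field(default_factory=set)        # Proxy Bypass tab
    alternate_gateway: set = field(default_factory=set)   # Alternate Gateway redirection list
    dummy_primary_gateway: bool = False                   # DIRECT.SCP as Primary Gateway
    firewall_enabled: bool = False
    send_all_to_firewall: bool = True                     # False = Exclude All Traffic from Firewall
    firewall_exceptions: set = field(default_factory=set)

def _listed(domain, entries):
    """True if domain equals an entry or is a subdomain of one."""
    d = domain.lower().rstrip(".")
    return any(d == e or d.endswith("." + e) for e in entries)

def route(policy, domain):
    """Return 'local-proxy', 'client-proxy', 'cloud-firewall' or 'direct'."""
    if _listed(domain, policy.alternate_gateway):
        return "local-proxy"
    bypassed = policy.dummy_primary_gateway or _listed(domain, policy.proxy_bypass)
    if not bypassed:
        return "client-proxy"
    if not policy.firewall_enabled:
        return "direct"
    excepted = _listed(domain, policy.firewall_exceptions)
    # The exception list inverts whichever redirection mode is selected.
    to_firewall = policy.send_all_to_firewall != excepted
    return "cloud-firewall" if to_firewall else "direct"

def uninspected(policy, domains):
    """Domains that reach the Internet without proxy or firewall inspection."""
    return sorted(d for d in domains if route(policy, d) == "direct")

# Constructed sample for the "Zoom via Cloud Firewall, some domains to local
# proxy, some direct" example. All domain names are placeholders.
EXAMPLE_4 = Policy(
    proxy_bypass={"zoom.example", "updates.example"},
    alternate_gateway={"intranet.example"},
    firewall_enabled=True,
    firewall_exceptions={"updates.example"},
)
SAMPLE = ["us01.zoom.example", "intranet.example", "updates.example", "www.example.org"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(f"{d:22} -> {route(EXAMPLE_4, d)}")
    print("uninspected:", uninspected(EXAMPLE_4, SAMPLE))
```

Any domain returned by uninspected() is on the direct path in this model, so it is the list to review before saving the policy.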