Configuring web service traffic to avoid the proxy

Web services can be configured in such a way to let their traffic avoid the proxy, in order to free up space on the proxy for other traffic. However, this operation should only be applied to web services that you fully trust.

1. Go to Configuration > Security policy > Filter - NAT, Filtering tab.

2. Click on New rule > Single rule.

3. Double-click on the number of the new rule.

4. In the window to edit rules, fill out the following information:

   • General tab, Status field: select On,

   • Action tab, Action field: select pass,

   • Source tab, Source hosts field: select Network_in,

   • Destination tab:

     • General sub-tab, Destination hosts field: select Any,

     • Geolocation/Reputation sub-tab, Web services and reputations section: select the web service in question. Remember, to avoid mistakenly allowing certain streams of web traffic, check the dependencies of the web service in question on the Stormshield Security Portal first.

5. Click on OK.

6. Place the rule at the top of the filter policy, above any rules that use the SNS firewall's proxy.