You may want to exclude specific senders or recipients from URL Protection policies. For example, where Targeted Threat Protection - URL Protect is enabled for messages sent from everyone to all internal recipients, but you want a specific team to be exempt. This is achieved by creating a URL Protection Bypass policy.
To create / change a URL Protection Bypass policy:
- Login to the Administration Console.
- Select the Administration | Gateway | Policies menu.
- Select the URL Protection Bypass menu item. This displays a list of existing bypass policies.
- Click the New Policy button.
- Complete the Options section as follows:
Field / Option Description Policy Narrative Provide a description of the bypass policy to enable you to identify it. This is kept with in the archive with the email. Select Option
From the drop down select whether to:
- Take no action
- Disable URL Protection
- Complete the Emails From and Emails To sections as follows:
Field / Option Description Addresses Based On
Specifies the email address characteristics that the policy is based on. The options are:
Option Description The Return Address (Mail Envelope From) This default setting applies the bypass policy to the SMTP address match, based on the email's envelope or true address (i.e. the address used during SMTP transmission). The Message From Address (Message Header From) Applies the bypass policy based on the masked address used in the message's header. Applies From / To
Specifies the Sender characteristics that the policy is based on. For multiple bypass policies, you should apply them from the most to least specific. The options are:
Option Description Everyone Includes all email users (i.e. both internal and external). This option is only available in the Emails From section. Internal Address Includes only internal organization addresses. External Address Includes only external organization addresses. This option is only available in the Emails From section. Email Domain Enables you to specify a domain name to which this bypass policy is applied. The domain name is entered in the Specifically field. Address Groups Enables you to specify a predefined AD or Local Group. The group is selected from the Profile Group field below using the Lookup button. Address Attributes Enables you to specify a predefined attribute. The attribute is selected from the Where Attribute drop down list. Once the attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts. Individual Email Address Enables you to specify an SMTP address. The email address is entered in the Specifically field.
- Complete the Validity section as follows:
Field / Option Description Set Policy as Perpetual Specifies that the bypass policy's start and end dates are set to Eternal. The result is the policy never expires. Date Range You can turn off the Set Policy as Perpetual option, and specify a start and end date for the bypass policy. Deselect the Eternal option and select the required dates. Policy Override
Select this option to override the default order that bypass policies are applied. If there are multiple applicable policies, this bypass policy is applied first unless more specific bypass policies of the same type have also been configured with an override.
Bi-Directional Use this setting if you want the bypass policy to also apply when the policy's recipient is the sender and the sender is the recipient. Source IP Ranges (n.n.n.n/x) Enter any required Source IP Ranges for the bypass policy. These only apply if the source IP address used to transmit the email data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
- Select Save and Exit to apply the policy.
It can take up to ten minutes for the bypass policy to be applied after selecting Save and Exit.