Creating / Changing a URL Protection Bypass Policy

Document created by user.oxriBaJeN4 Employee on Sep 7, 2015Last modified by user.oxriBaJeN4 Employee on Mar 27, 2017
Version 5Show Document
  • View in full screen mode

You may want to exclude specific senders or recipients from URL Protection policies. For example, where Targeted Threat Protection - URL Protect is enabled for messages sent from everyone to all internal recipients, but you want a specific team to be exempt. This is achieved by creating a URL Protection Bypass policy.


To create / change a URL Protection Bypass policy:

  1. Login to the Administration Console.
  2. Select the Administration | Gateway | Policies menu.
  3. Select the URL Protection Bypass menu item. This displays a list of existing bypass policies.
  4. Click the New Policy button.
  5. Complete the Options section as follows:

    Field / OptionDescription
    Policy NarrativeProvide a description of the bypass policy to enable you to identify it. This is kept with in the archive with the email.
    Select Option

    From the drop down select whether to:

    - Take no action

    - Disable URL Protection


  6. Complete the Emails From and Emails To sections as follows:

    Field / OptionDescription
    Addresses Based On

    Specifies the email address characteristics that the policy is based on. The options are:


    The Return Address (Mail Envelope From)This default setting applies the bypass policy to the SMTP address match, based on the email's envelope or true address (i.e. the address used during SMTP transmission).
    The Message From Address (Message Header From)Applies the bypass policy based on the masked address used in the message's header.
    Applies From / To

    Specifies the Sender characteristics that the policy is based on. For multiple bypass policies, you should apply them from the most to least specific. The options are:


    EveryoneIncludes all email users (i.e. both internal and external). This option is only available in the Emails From section.
    Internal AddressIncludes only internal organization addresses.
    External AddressIncludes only external organization addresses. This option is only available in the Emails From section.
    Email DomainEnables you to specify a domain name to which this bypass policy is applied. The domain name is entered in the Specifically field.
    Address GroupsEnables you to specify a predefined AD or Local Group. The group is selected from the Profile Group field below using the Lookup button.
    Address AttributesEnables you to specify a predefined attribute. The attribute is selected from the Where Attribute drop down list. Once the attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. The email address is entered in the Specifically field.


  7. Complete the Validity section as follows:

    Field / OptionDescription
    Set Policy as PerpetualSpecifies that the bypass policy's start and end dates are set to Eternal. The result is the policy never expires.
    Date RangeYou can turn off the Set Policy as Perpetual option, and specify a start and end date for the bypass policy. Deselect the Eternal option and select the required dates.
    Policy Override

    Select this option to override the default order that bypass policies are applied. If there are multiple applicable policies, this bypass policy is applied first unless more specific bypass policies of the same type have also been configured with an override.

    Bi-DirectionalUse this setting if you want the bypass policy to also apply when the policy's recipient is the sender and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the bypass policy. These only apply if the source IP address used to transmit the email data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.


  8. Select Save and Exit to apply the policy.

It can take up to ten minutes for the bypass policy to be applied after selecting Save and Exit.

3 people found this helpful