Mimecast Web Security: Managing Exceptions

Document created by user.oxriBaJeN4 Employee on Aug 6, 2018Last modified by user.oxriBaJeN4 Employee on May 2, 2019
Version 23Show Document
  • View in full screen mode

This guide describes how you can allow your trusted domains and IPs to bypass the Mimecast Web Security functionality by configuring Exceptions.


The domains / IPs added to your Exceptions list will not connect with Mimecast, so any configured security policies are nonapplicable and user activity is not logged. We recommend that all Exceptions are carefully considered. They should be domain areas that are frequently utilized and fully trusted (i.e. internal company sites).


To make the initial configuration process easier, new customers will have a default Exceptions list created in their account with the following TLDs. Administrators can modify the following list of default exceptions, and add them manually should they be required: 

  • local
  • internal
  • lan
  • home
  • corp
  • localdomain
  • domain
  • mail


If you wish to have more granular control over the domains you allow users to access, we recommend adding top-level domains / sub-domains to your allow / block lists in a Domain Filtering policy. View the "Configuring a Domain Filtering Policy" section of the Mimecast Web Security: Managing a Policy page for more information.

For devices with the Mimecast Security Agent installed, add your internal domains to the exception list so the MSA won't look up internal domain addresses in your organization. For cloud only setups, internal domain requests will not be forwarded outside your organization as the request goes to your internal DNS server before being passed to Mimecast Web Security.

Accessing Exceptions


To access exceptions:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A dropdown menu displays.
  3. Click on the Web Security | Exceptions menu item.


Adding an Exception

If you have multiple exceptions, each must be added as a separate entry.

To add a new exception:

  1. Click on the Add New Exception button.
  2. Complete the popout panel displayed on the right of the screen:
    Field / OptionDescription
    NameAdd a description for the exception (e.g. Internal Subsidiary Domain). 
    TypeSelect whether the exception is a "Domain" or "IP Range" from the dropdown list. The selected field displays.
    DomainSpecify a domain name.
    Adding a domain as an exception also adds any of its subdomains as an exception. For example adding "acme.com" also adds "subdomain.acme.com".
    IP RangeSpecify the IP address range in CIDR format.
  3. Click on the Add button.


Edit an ExceptionEditing an Exception


To edit an exception:

  1. Click on an exception. The Edit an Exception dialog displays.
  2. Edit the fields as required.
  3. Click on the Save button.


Deleting an Exception


To delete an exception:

  1. Click on the Dots Icon icon to the right of the exception.
  2. Click on the Delete menu item. A confirmation popup box displays.
  3. Click on the Delete button to confirm.


Searching Exceptions


Searching ExceptionsTo search for an exception:

  1. Click on the All down arrow next to the search field.
  2. Select one of the following filters:
    • All: Searches all exceptions regardless of the type. This is the default.
    • Name: Searches for the exception name.
    • Domain: Searches for the domain name.
    • IP Address / Range: Searches the IP address range.
  3. Enter your search criteria in theSearch field (e.g. name, domain, IP address).
  4. Press the Enter key or click on the search icon. Your results display.


See Also...