The Umbrella AnyConnect Secure Web Gateway (SWG) Agent is a component of the Umbrella module for AnyConnect. All web traffic is intercepted by the SWG agent to send to the Umbrella SWG except domains and IPs on the External Domains List and the Internal Domains List. The External Domains List bypass can contain IPs or domains to bypass.
If you are using the AnyConnect SWG agent for your SWG deployment, please read this article to avoid seeing issues bypassing your content.
Functionality Limitation in Versions under 4.9
The Umbrella AnyConnect Secure Web Gateway (SWG) Agent will send any web traffic on the External Domains List direct and bypass the SWG proxy. For versions lower than 4.9, there is a known issue in the SWG agent functionality for bypassing by domain. This applies to domains that are CNAMEs or tied to certain applications such as Office365.
To ensure your bypass is completely functional by domain, please take one of the following steps:
- Upgrade to AnyConnect 4.9+
- Add the IP addresses to bypass belonging to critical to bypass domains
- If migrating from Cisco CWS, import your entire bypass list as-is. Please do not remove any bypass entries to ensure a 1-1 bypass migration.