SCP Settings
Take a look at the SCP policy in your tenant by navigating to Settings > Infrastructure > Client Proxy Management. We won’t actually change any settings here for today’s workshop.
Use Case: Bypass by destination, process, port on the client
There is a dedicated setting that stops local traffic, which won’t be resolvable in our cloud, from being redirected to your selected proxy. You can also define other traffic that should be bypassed at the client level instead of being redirected to Skyhigh.
To achieve this with Skyhigh Security SSE, use Configuration Policies > Proxy Bypass.
Use Case: Use on-premise proxies when on site
For users on premise, you may use a self-hosted virtual SWG to serve locally hosted applications, to resolve domains, or to avoid unnecessarily reaching out to our PoPs during a transition.
To achieve this, we will modify our Gateway List (on the left-hand side of our SCP Configuration page). In this setting, we will always poll for a local SWG first and only then fall back to the Skyhigh Global Routing Manager, which redirects the user to their closest PoP.
Use Case: Block QUIC traffic
HTTP/3 (using QUIC) is increasingly used by default on websites. Its benefits include faster connection establishment and encryption by default. However, QUIC traffic cannot be decrypted and is therefore often blocked by security admins. Blocking it causes a fallback to HTTP/2 using traditional TLS.
To achieve this with Skyhigh Security SSE, block UDP over ports 80/443.
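To confirm the block is effective, you can audit flow records for UDP traffic to ports 80/443 that was still allowed. The following is an added example, not part of the original workshop or any Skyhigh tooling; it goes slightly beyond the port check by recognising the QUIC long header (RFC 9000 / RFC 9369) in the payload, and the record layout (`src`, `proto`, `dport`, `action`, `payload`) and the sample data are assumptions constructed for illustration.

```python
import struct

# Version numbers: QUIC v1 (RFC 9000) and QUIC v2 (RFC 9369).
QUIC_VERSIONS = {0x00000001: "v1", 0x6B3343CF: "v2"}
WEB_PORTS = {80, 443}  # the UDP ports the page says to block

def parse_quic_long_header(payload: bytes):
    """Return (version, dcid) if payload begins with a QUIC long header, else None."""
    if len(payload) < 7 or not payload[0] & 0x80:    # 0x80 = long-header form bit
        return None
    (version,) = struct.unpack_from("!I", payload, 1)
    if version != 0 and not payload[0] & 0x40:       # fixed bit is set in v1/v2 packets
        return None
    dcid_len = payload[5]
    if dcid_len > 20 or len(payload) < 7 + dcid_len:  # room for DCID + SCID length byte
        return None
    return version, payload[6:6 + dcid_len]

def audit_flows(flows):
    """List UDP flows to 80/443 that were allowed, tagged as QUIC or other UDP."""
    findings = []
    for f in flows:
        if f["proto"] != "udp" or f["dport"] not in WEB_PORTS:
            continue
        if f["action"] != "allow":
            continue  # blocked as intended; fallback to HTTP/2 over TLS is expected
        hdr = parse_quic_long_header(f["payload"])
        kind = "quic-" + QUIC_VERSIONS[hdr[0]] if hdr and hdr[0] in QUIC_VERSIONS else "udp-other"
        findings.append((f["src"], f["dport"], kind))
    return findings

# Constructed sample data (hypothetical record layout, not a Skyhigh log format).
QUIC_V1_INITIAL = bytes.fromhex("c0" "00000001" "08" "0102030405060708" "00") + bytes(16)
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "proto": "udp", "dport": 443, "action": "allow", "payload": QUIC_V1_INITIAL},
    {"src": "10.0.0.6", "proto": "udp", "dport": 443, "action": "block", "payload": QUIC_V1_INITIAL},
    {"src": "10.0.0.7", "proto": "tcp", "dport": 443, "action": "allow", "payload": b"\x16\x03\x01"},
    {"src": "10.0.0.8", "proto": "udp", "dport": 80, "action": "allow", "payload": b"\x16\xfe\xfd" + bytes(10)},
    {"src": "10.0.0.9", "proto": "udp", "dport": 53, "action": "allow", "payload": bytes(12)},
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print("allowed UDP to web port:", finding)
```

Only long-header packets (the QUIC handshake) are recognised by payload; any allowed UDP flow to 80/443 is still reported so that a gap in the block rule is visible either way.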