Mimecast Web Security: Managing Exceptions

Document created by user.oxriBaJeN4 Employee on Aug 6, 2018Last modified by user.oxriBaJeN4 Employee on Jul 8, 2019
Version 26Show Document
  • View in full screen mode

This guide describes how you can allow your trusted domains and IPs to bypass the Mimecast Web Security functionality by configuring exceptions.

We recommend all exceptions are carefully considered. They should be domain areas that are frequently utilized and fully trusted (i.e. internal company sites).

Default Exceptions


To make the initial configuration process easier, customers have a default exceptions list created in their account with the TLDs listed below. Administrators can modify the list of default exceptions as required:

  • local
  • internal
  • lan
  • home
  • corp
  • localdomain
  • domain
  • mail

If you want more granular control over the domains you allow users to access, we recommend adding top-level domains / sub-domains to your allow / block lists in a domain filtering policy. See the Mimecast Web Security: Configuring a Block or Allow List Policy page for full details.

For devices with the Mimecast Security Agent (MSA) installed, add your internal domains to the exceptions list. This ensured the MSA won't look up internal domain addresses in your organization. For cloud only setups, internal domain requests won't be forwarded outside your organization, as the request goes to your internal DNS server before being passed to Mimecast Web Security.


When configuring exceptions, consider the following:

  • A domain added to your exceptions list won't connect with Mimecast. Any configured security policies are non-applicable and user activity is not logged.
  • An IP added to your exception list works differently from a domain. A DNS request which resolves to an IP address found in the exception list, won't have any configured security policies applied. If logging is enabled, the activity is logged.


Managing Your Exceptions


To access your exceptions:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A dropdown menu displays.
  3. Select the Web Security | Exceptions menu item.


Adding an Exception

If you have multiple exceptions, each must be added as a separate entry.

To add a new exception:

  1. Click on the Add New Exception button.
  2. Complete the popout panel as follows:
    Field / OptionDescription
    NameAdd a description for the exception (e.g. Internal Subsidiary Domain). 
    TypeSelect whether the exception is a "Domain" or "IP Range" from the drop down list. The relevant field is displayed.
    DomainSpecify a domain name.
    Adding a domain as an exception also adds any of its subdomains as an exception. For example adding "acme.com" also adds "subdomain.acme.com".
    IP RangeSpecify the IP address / IP address range (in CIDR format) of a trusted domain.
  3. Click on the Add button.


Edit an ExceptionEditing an Exception


To edit an exception:

  1. Click on an exception.
  2. Edit the fields as required.
  3. Click on the Save button.


Deleting an Exception


To delete an exception:

  1. Click on the Dots Icon icon to the right of the exception.
  2. Click on the Delete menu item. A confirmation dialog is displayed.
  3. Click on the Delete button to confirm the deletion.


Searching Exceptions


Searching ExceptionsTo search for an exception:

  1. Click on the All down arrow next to the search field.
  2. Select one of the following filters:
    • All: Searches all exceptions regardless of the type. This is the default.
    • Name: Searches for the exception name.
    • Domain: Searches for the domain name.
    • IP Address / Range: Searches the IP address range.
  3. Enter your search criteria in theSearch field (e.g. name, domain, IP address).
  4. Press the Enter key or click on the search icon. Your results display.


See Also...