Akamai maintains a list of domains that bypass SIA Proxy for compliance and performance reasons.
There are also applications that send non-web traffic such as Session Initiation Protocol (SIP) or XMPP over TLS, utilize certificate pinning, or are incompatible with the TLS MITM certificate that is generated or uploaded in SIA and required for SIA Proxy. SIA offers a policy setting that allows you to allow or block domains that use an unsupported protocol or are incompatible. By default, the Block Incompatible Domains policy setting is not enabled. As a result, these domains bypass SIA Proxy. To block these domains, see Allow or block domains incompatible with TLS MITM certificate.
If you enable the Block Incompatible Domains setting, the Akamai domains listed in this table are blocked.
Policy conflicts may occur if multiple lists are assigned to a policy and they contain domains from the bypass list. To learn more about policy conflicts, see Policy conflicts.
Akamai frequently evaluates this list and may add more domains. The bypass list currently contains these domains.
These IP subnets for Webex media services also bypass the proxy:
|Online Certificate Status Protocol|
Domains for Microsoft 365 Traffic
These domains also bypass SIA Proxy if you enable the Bypass Microsoft 365 Traffic setting in a policy. The Bypass Microsoft 365 Traffic setting retrieves the latest domains associated with Microsoft apps and services. As a result, these domains may change.
Updated 3 months ago