How do I bypass traffic for one specific Host

Article ID: 165960

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

Users have to access a website that requires that the proxy doesn't intercept their traffic. How do I bypass traffic for a specific destination IP and/or port, for cases where client-to-server connections must be direct?

Resolution

Transparent Proxy (OCS IP in destination of the Packets)

The Proxy Services configuration page is used to identify the traffic that the proxy will intercept or bypass.

Bypass Service Listener

  1. Browse to Configuration -> Services -> Proxy Services
  2. Click New Service.
  3. Name the new service.
  4. Set Proxy settings as TCP Tunnel.
  5. Under Listeners, click New. (Repeat step 5 if you need more than one port match for the listed IPs.)
    1. Set the following values:
      • Source: All
      • Destination: Specify the IP address of the host you need to bypass traffic for
      • Port: Specify the port number of the service you need to bypass traffic for
      • Action: Bypass
  6. Click OK
  7. Click OK
  8. Click Apply to save the new service.

This can be done for Sources as well. Just list the source conditions in the listener instead.

Now when the proxy receives traffic destined for this IP address and port, the traffic is forwarded to the Internet without being inspected or subjected to policy. User requests for this destination will reach the environment's firewall with the user's IP address. If the firewall configuration allows only the proxy's IP address to access the Internet, define a rule to allow users to access this IP address and port from any source host.

Bypass by Static Bypass list

  1. Browse to Configuration -> Services -> Proxy Services -> Static Bypass List
  2. Click New
  3. Toggle Server Address to "Server host or subnet"
    • Set Destination IP
    • Set the Subnet mask of the IP you wish to bypass (you can use CIDR notation, e.g. 32 or 24 as appropriate; the proxy will automatically set the mask)
    • (Optional) Add comment
  4. Click OK
  5. Click Apply to save the new bypass.

This can be done for Sources as well. Just use the Source conditions instead.

Now when the proxy sees traffic that matches a condition listed in the Static Bypass list, the traffic is forwarded to the Internet without being inspected or subjected to policy. User requests for this destination will reach the environment's firewall with the user's IP address. If the firewall configuration allows only the proxy's IP address to access the Internet, define a rule to allow users to access this IP address and port from any source host.

Explicit Proxy (Proxy IP in the destination of the packets)

To bypass the proxy in an explicit deployment, you need to tell the client to make the request directly to the OCS instead of going to the proxy. This is done with a script rule in the PAC file, manual bypass settings in Internet Options/Proxy Settings, or WPAD. This is required because, when the client decides to send to the proxy in explicit mode, the destination IP of the packets is the proxy's IP address and NOT the OCS. There is no way to bypass at the proxy level in this case. The decision must be made on the client, before the request is sent to the proxy.
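
A PAC script rule of the kind described above, as an added example that is not part of the original article. The proxy address, host name and IP address are constructed placeholders, and the matching is deliberately exact so that only the intended destination skips the proxy.

```javascript
// Added example PAC file. All host names, addresses and the proxy
// address below are constructed placeholders, not values from the article.
var PROXY = "PROXY proxy.example.internal:8080";

// Destinations that must be reached directly. Keep this list as narrow
// as possible: DIRECT traffic is neither inspected nor subject to policy.
var BYPASS_HOSTS = ["app.partner.example"];   // exact host names
var BYPASS_NETS = [["203.0.113.10", 32]];     // [network, prefix length]

// Convert a dotted-quad string to an unsigned 32-bit integer, or null
// when the string is not a well-formed IPv4 literal.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip lies inside net/prefix. Uses division instead of bitwise
// operators so that values above 2^31 are not treated as negative.
function inNet(ip, net, prefix) {
  var a = ipv4ToInt(ip), b = ipv4ToInt(net);
  if (a === null || b === null) return false;
  var size = Math.pow(2, 32 - prefix);        // addresses in the subnet
  return Math.floor(a / size) === Math.floor(b / size);
}

function FindProxyForURL(url, host) {
  // Normalise: lower-case and drop a trailing dot (fully-qualified form).
  var h = host.toLowerCase().replace(/\.$/, "");
  // Exact comparison only. A substring test would also send look-alike
  // names such as app.partner.example.other.test direct.
  for (var i = 0; i < BYPASS_HOSTS.length; i++) {
    if (h === BYPASS_HOSTS[i]) return "DIRECT";
  }
  for (var j = 0; j < BYPASS_NETS.length; j++) {
    if (inNet(h, BYPASS_NETS[j][0], BYPASS_NETS[j][1])) return "DIRECT";
  }
  return PROXY;
}
```

The subnet check applies only when the URL itself contains an IPv4 literal; host names are matched by name and are not resolved here.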