In an explicit deployment, there is no way to completely bypass the proxy without creating exceptions in the browser or managing exceptions through a PAC file as explained in article TECH241975.
For HTTPS traffic, Protocol Detection can be disabled instead. This will tunnel the HTTPS request instead of using the SSL engine to inspect it. More information on this can be found in article TECH245661.
As for HTTP traffic, there is a way tunnel those requests without them being recognized by the common proxy engines (HTTP or SSL). This can be useful if creating rules in the firewall to allow traffic from specific IP is undesired, which is a common occurrence in Explicit environments. This means that the source IP of the outgoing packet will still be the Proxy's IP, as it is still being intercepted by it instead of bypassing it through the browser settings or a PAC file.
1. Configure a new TCP Tunnel Proxy Service:
First we need to create a new service that will be listening for connections which destination is the site we want to tunnel through. Each site will be associated to a specific non-standard port in the ProxySG
2. Create a forwarding host for the site:
In order for the proxy to send the request to the destination server, it must be forwarded. Otherwise, the proxy will think that the destination is the proxy itself. For this we will create a forwarding host for www.example.com, which resolves to 22.214.171.124.
3. Configure Forwarding policy to send requests to the Forwarding Host:
The Forwarding Host can only be used if we create policy and assign it to a rule. We can perform this by going to the Visual Policy Manager and creating this rule:
4. Create PAC file and point requests made to the chosen port:
After all of this is done, we can create our own PAC file. In this example, we will create a PAC file that sends requests made to www.example.com to my proxy (IP 126.96.36.199) on port 9999 to be TCP Tunneled, while the rest of the requests will be sent to the default Explicit Service on port 8080, which will be using the HTTP engine.
if ( shExpMatch(host, "www.example.com") )
return "PROXY 188.8.131.52:9999";
return "PROXY 184.108.40.206:8080";