WSSA intercepting requests sent to 192.0.2.0/24 range IPs even after bypassing the subnet.

Article ID: 247789


Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Web or DNS requests sent to IP addresses in the 192.0.2.0/24 range are still intercepted by WSSA after the IP/subnet has been added to the bypassed IP list.

Environment

WSSA 8.1.1 and later

Resolution

The 192.0.2.0/24 subnet is not routable over the internet. This address range is in the "Reserved IP addresses" block for Test-NET (https://datatracker.ietf.org/doc/html/rfc5737).

WSSA uses this IP block for internal routing between its driver and service components. The agent randomly selects the port used with this IP range; it might be 53, 21, 3389 or 17483. Anything that external applications send to this address block is intercepted by the agent and sent through the tunnel. Because this reserved address range is used internally by WSSA, it cannot be bypassed, as that would cause the agent to stop functioning. Customers should not use "Reserved IP addresses" ranges on their network or with WSSA.

The rule execution order for these addresses changed in version 8.1.1, so this behavior is seen only in version 8.1.1 and later.
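
Added example (not Broadcom's or the product's own tooling): a Python check that scans a list of bypass entries or internal addresses for anything overlapping 192.0.2.0/24, which WSSA intercepts regardless of the bypass list. It goes beyond the article by also flagging the other two RFC 5737 documentation blocks; the function name, labels and sample entries are constructed for illustration.

```python
import ipaddress

# Block the article says WSSA uses internally; bypass entries here have no effect.
WSSA_INTERNAL = ipaddress.ip_network("192.0.2.0/24")
# The remaining documentation blocks reserved by RFC 5737.
RFC5737_OTHER = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed sample: entries as they might appear in a bypass list export.
SAMPLE_ENTRIES = [
    "10.20.0.0/16",      # ordinary private range
    "192.0.2.0/24",      # the exact subnet from the article
    "192.0.2.45",        # single host inside it
    "192.0.0.0/22",      # wider supernet that still covers 192.0.2.0/24
    "203.0.113.7",       # another RFC 5737 block
    "intranet.example",  # hostname, not an IP entry
    "2001:db8::/32",     # IPv6 entry, outside the scope of this check
]

def audit_entries(entries):
    """Return (entry, label) pairs for each IP or CIDR entry (hypothetical helper)."""
    findings = []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        try:
            # strict=False accepts host-with-mask forms such as 192.0.2.10/24
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            findings.append((text, "not-an-ip"))
            continue
        if net.version != 4:
            label = "ok"
        elif net.overlaps(WSSA_INTERNAL):
            label = "wssa-internal"      # intercepted by the agent even if bypassed
        elif any(net.overlaps(r) for r in RFC5737_OTHER):
            label = "rfc5737-reserved"   # reserved range, should not be in use
        else:
            label = "ok"
        findings.append((text, label))
    return findings

if __name__ == "__main__":
    for entry, label in audit_entries(SAMPLE_ENTRIES):
        print(f"{entry:20} {label}")
```

Entries labelled `wssa-internal` point to destinations that need renumbering out of the reserved range, since adding them to the bypass list does not change how the agent handles them.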