Based on this requirement, I would have selected another option.
Perhaps it doesn't fit your needs, but just to let you know that different designs exist.
The goal being to filter some devices and not filter some others, I would:
- create network object group for devices with fixed IP
- set proxy with default rule that is to filter
- set "no filtering" for object group containing fixed IP (or IP I don't want to filter)
As you notice, such a design doesn't aim at by-passing the proxy (which means having a network design built for this specific need) but at tuning the proxy filtering rules so that some devices are under control while others are not, this based on access rules.
From a personal standpoint, I'm not 100% satisfied with such a design.
Well, I'm not in line with the initial requirement instead, because filtering at proxy level based on device doesn't make sense if the goal is to prevent people from having unexpected behaviour. To me, a proxy with access rules makes sense only for users, not for devices.
Rules for devices should rather be used only for servers or specific devices that must by-pass the proxy, but not when there is some user behind. However, this is another debate.