Hi @fstarter.
After long tests, it works for me as follows:
In “Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)” I have put this range to be able to access the devices that are in the RED range (Router, Printer, APs, etc …).
Although the “Option code 252 = text” does not work in Firefox, I put it for Chrome and Edge.
In “Host” I have defined the IPs of the devices that are in “RED”.
The device group in “RED” for the Firewall rule.
The “Services” group to prevent bypassing the Proxy, for the Firewall rule.
The important ones are 4 and 5. One allows communication to devices that are on “RED” and the other prevents anyone from bypassing the Proxy.
And finally, the configuration in Windows to pass through the Proxy. I have tried it like this and it works. Everything goes through the Proxy.
Hope this can help you. You will tell us.
Greetings.