You can create a custom exception list with the domains and IP addresses you want directed to the origin without TLS decryption. Exception lists allow you to maintain the privacy of users who access trusted, sensitive websites and do not require ETP protection.
When you add an exception list to a policy, it's configured with the bypass action by default. For example, if ETP Proxy is enabled, the domains and IP addresses you provided bypass the proxy. For more information on policy actions, see Policy actions for lists and security categories.
Each entry in an exception list is counted and deducted from the 200,000 entries that are allowed for all custom list entries.
Like other configuration changes, you must deploy a new or updated list to the ETP network. Exception lists deploy in the same 20-30 seconds as other configuration changes.