The two main methods of doing this are by using a group policy with no category blocking, or to design your network rules to bypass the filter for the desired network range or IPs.
Filtering a Specific Network.
If you want to filter only a portion of the network to be filtered and the rest of the network to bypass the filtering there are several options.
Using Groups to Manage Traffic
One Method, is to modify the default group and default policy to allow all categories. This allows all users in the default group to have all URLs allowed. Then create a new group and policy and add a client. Designate this client to be type "Network Subnet" with the "IP Address or Range" set to the IP range of the network to be filtered. Modify the policy to block the appropriate categories. In this scenario all traffic is passing through the policy server and being processed by the policy server.
Go to Policy Management > Group Manager and click the default group then click the default policy and the Modify Categories button. Uncheck all categories, using the custom template, or select the None template.
Configuring Hardware to Manage Traffic
If you do not want the traffic intercepted/detected/processed in any way, then the traffic should not be sent to the policy server. This may mean adding routes or configuring a switch, router or firewall depending upon your deployment. In this scenario only traffic that will be filtered is sent to the Policy Server and this will improve performance.
Configuring Networks to Filter with the Enterprise Filter
If you are using the Enterprise Filter you can change the enterprise rule to add a source network of the range that is to be filtered. For example,
-t mangle -A PREROUTING -s 10.0.0.0/8 -i eth0 -j NSROUTER
where the 10.0.0.0/8 is the IP range of the network you wish to filter. To edit the enterprise rule go to System Tools > System Configuration and click the Enterprise Filter Settings button.