When you scan the Web Gateway with Qualys, the report shows a vulnerability with QID 62026 and 62035 regarding the CONNECT method
Qualys considers this a vulnerability due to the possibility of the CONNECT method being used as a reverse proxy and traversing your internal network. The CONNECT method is required for the SWG proxy to support HTTPS.
There should be a perimeter firewall in front of the Web Gateway that blocks requests coming from the Internet on the proxy port to prevent proxy requests from the outside. In addition, you can disable the CONNECT method by enabling the 'Block SSL Traffic on HTTP Port(s)' option on the Proxy tab and using the SSL Deep Inspections proxy function for this.