How to collect troubleshooting data for a suspected policy problem

Article ID: 166328

Products

ProxySG Software - SGOS ISG Proxy

Issue/Introduction

Policy issues will usually require a policy trace along with configuration information from the Proxy.  The following are instructions on how to gather a policy trace using two different methods.

This document assumes your proxy is at IP X.X.X.50 and is reachable over HTTPS on port 8082.

 

Resolution

 
Unfiltered Policy Trace
Use this template when an unfiltered policy trace is required.  An unfiltered policy trace has a maximum size of 1 Megabyte.  This can be used in cases where you are using a lab proxy or your production proxy does not have a high traffic load.  On a busy proxy, an unfiltered trace will most likely not catch the error.
 
  1. In the web management console click Configuration -> Policy -> Policy Options then click "Trace all Policy execution"
     
  2. Reproduce the issue
     
  3. Go back and uncheck "Trace all Policy execution"
     
  4. Collect the trace file, sysinfo, and event log
    Browse to https://X.X.X.50:8082/policy/trace/ and download the default_trace.html file
    Browse to https://X.X.X.50:8082/sysinfo, ensure the page has completely loaded, and save it as a .txt file (not MHT nor HTM/HTML)
    Browse to https://X.X.X.50:8082/Eventlog/Statistics and click the link to download the log.  It can be saved as the default format of .log.
    Browse to https://X.X.X.50:8082/Diagnostics/Snapshot.  Save each snapshot by clicking "download all".  There are two by default, but there may be many more; please download each one.
     
  5. Store all requested files in an archive (please use .zip) and upload them to the Service Request opened with support by browsing to Broadcom Support and completing the form.  
    Please provide technical support with the IP of the client you were browsing from, the URL producing the issue, and, if you are using proxy authentication, the user name of the user running the test.

Policy Trace Filtered by IP
This can be used to take a filtered policy trace that captures policy activity based on client IP.  Use this when you have a production proxy that is handling a high traffic load.

To enable policy trace for a single IP address using the Visual Policy Manager (VPM):
  1. Open VPM, select Policy and create a new Web Access layer.  This new Web Access layer will have just one rule in it.
     
  2. On Source, right-click and select Set and then New.  Select Client IP address/Subnet.
     
  3. Enter the IP address of the client you are running the testing from.  There is no need to enter a subnet.
     
  4. Select Add and then close.  On the Set source object window select this client IP and then OK.
     
  5. On Track, right-click and select Set, New, and then Trace.
     
  6. Select the Trace Level selection and then Rule and Request tracing.  Select OK and then OK.
     
  7. Install policy.  Now all activity for the configured client IP address will be dumped to the policy trace file.  Reproduce the issue and, when you are done getting policy trace information, delete or disable this rule.
     
  8. Collect the trace file, sysinfo, and event log
    Browse to https://X.X.X.50:8082/policy/trace/ and download the default_trace.html file
    Browse to https://X.X.X.50:8082/sysinfo, ensure the page has completely loaded, and save it as a .txt file (not MHT nor HTM/HTML)
    Browse to https://X.X.X.50:8082/Eventlog/Statistics and click the link to download the log.  It can be saved as the default format of .log.
    Browse to https://X.X.X.50:8082/Diagnostics/Snapshot.  Save each snapshot by clicking "download all".  There are two by default, but there may be many more; please download each one.
     
  9. Store all requested files in an archive (please use .zip) and upload them to the Service Request opened with support by browsing to Broadcom Support.
    Please provide technical support with the IP of the client you were browsing from, the URL producing the issue, and, if you are using proxy authentication, the user name of the user running the test.
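
A pre-upload check for the files gathered in the collection step of both procedures, added here as an example and not Broadcom's own tooling. The local names sysinfo.txt and eventlog.log and the snapshots/ subfolder are assumptions about how the downloads were saved; default_trace.html and the two-snapshot minimum come from the steps above.

```python
import zipfile
from pathlib import Path

# Assumed local layout (not from the article): downloads were saved as
#   default_trace.html, sysinfo.txt, eventlog.log, snapshots/<one file per snapshot>
REQUIRED = ("default_trace.html", "sysinfo.txt", "eventlog.log")
HTML_MARKERS = (b"<html", b"<!doctype", b"mime-version:")  # heuristic: HTML or MHT save


def check_bundle(folder):
    """Return a list of problems found in the collected files (empty list = ready)."""
    folder = Path(folder)
    problems = []
    for name in REQUIRED:
        path = folder / name
        if not path.is_file() or path.stat().st_size == 0:
            problems.append(f"missing or empty: {name}")
    sysinfo = folder / "sysinfo.txt"
    if sysinfo.is_file():
        with open(sysinfo, "rb") as fh:
            head = fh.read(2048).lower()  # only the start is needed to spot markup
        if any(marker in head for marker in HTML_MARKERS):
            problems.append("sysinfo.txt contains HTML/MHT markup; re-save as plain text")
    snap_dir = folder / "snapshots"
    snaps = [p for p in snap_dir.iterdir() if p.is_file()] if snap_dir.is_dir() else []
    if len(snaps) < 2:
        problems.append(f"expected at least 2 snapshots, found {len(snaps)}")
    return problems


def build_archive(folder, zip_path):
    """Zip the folder for upload; refuse if the bundle is incomplete."""
    problems = check_bundle(folder)
    if problems:
        raise ValueError("; ".join(problems))
    folder, zip_path = Path(folder), Path(zip_path)
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(folder.rglob("*")):
            if path.is_file() and path.resolve() != zip_path.resolve():
                zf.write(path, path.relative_to(folder).as_posix())
    return zip_path
```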

Why this data is needed
The policy trace shows every rule in your policy that is hit.  The unfiltered policy trace shows misses as well, though those are not generally as useful (any rule which is not hit can be considered a miss).
The sysinfo contains the full configuration, detailed statistics, and the entire compiled policy on your Edge SWG (ProxySG).
The eventlog can point out policy conflicts or other error messages which can help lead to the root cause of the problem.
The snapshots are sysinfo files taken at regular intervals (1 day and 1 hour by default).  They can help uncover a policy or configuration change that may have contributed to the problem.