ProxySG policy default of "allow" and no rules works differently than default of "deny" with a generic "allow" rule