You want to use Web 2.0 Application controls, but notice that many of them do not work on sites like Facebook, Google Plus (Google+), Twitter, etc.

All of these sites use HTTPS by default, which means that the traffic is encrypted. That means that the ProxySG does not see the full URL of any request.

Since Web Application controls are URL-based, they will fail to work as the URL is unknown (at least as far as the Proxy is concerned).

In order to resolve this issue, you need to implement full SSL-Interception. With SSL-Interception enabled, the ProxySG will be able to see the full, unencrypted traffic between the user and the remote server and will be able to apply the fine-grained controls that the Web Application control feature enables.

For details regarding configuring SSL-Interception please see the following KB articles:

000008716 - Configure the SSL proxy on the ProxySG for transparent interception and authentication using an SSL certificate issued from a Microsoft PKI server

KB5500 - How to configure SSL proxy to intercept HTTPS traffic for an explicit deployment using a self-signed certificate