IWA Direct was introduced in SGOS 6.3 and above. Any proxy running on SGOS version 6.2 or below will need to be upgraded to the support version.

In order for the ProxySG to join multiple Windows domains, please follow the following steps:

1. Please ensure the ProxySG's NTP setting is trusted by the Domain Controller and then, join to the 2nd domain using this KB: https://support.symantec.com/en_US/article.TECH242090.html. Once the proxy has joined to the 2nd domain, the state will change from not join to Joined
2. Go to Configuration -> Authentication -> IWA to create a new IWA Realms. Specify the realm name and choose Direct Connection (instead of BCAAA). Please ensure you select the right domain under "Select Domain" and Click OK and apply. The IWA Direct realm is ready to be used
3. Launch VPM and modify your existing web authentication layer rule to include this realm as necessary. Additional information can be found from the following KB article: https://support.symantec.com/en_US/article.TECH241641.html