After you complete the integration of the Web Security Service (WSS) with Management Center. Custom and default policies push to WSS are not applied. For example, categories blocked by default on G3 such as "Proxy Avoidance" are not being blocked. This happens even if you receive the "You are protected" message from test.threatpulse.com.
Note: Have in mind that a policy needs to be defined for SSL Interception to be performed by WSS, otherwise, rules dependant on SSL Interception will not work on Cloud policy.
Deployment with ProxySG and Unified Agent. After switching Unified Agent to an unprotected network (without ProxySG or other access methods) to test it in Active mode status.