You are trying to enable SSL Interception (on the Visual Policy Manager, also known as VPM, on the SSL Interception layer) with the Web Security Service (for policies applied only to Web Security Service) or Universal (policies applied to both Appliance and WSS) enforcement, but you are receiving an error. It only seems to work from Appliance enforcement.

"The detect_protocol property is enabled on most of the WSS services. Please ensure that WSS service configuration matches your policy expectations". (The SSL Intercept. an action is shown in red)."

• Management Center
• Proxy SG with SGOS 6.7.3.1 and above
• Web Security Service

The policy classification is out of date in the reference ProxySG

1. Close the VPM editor (if opened), and open an SSH session to your Reference ProxySG.
2. Type "en" (without quotations) to enter the Enabled mode.
3. Type "load policy classification" (without quotations), and wait for the Proxy to update, as shown below:   
   
      
   
   
4. Finish the SSH session, and re-open the VPM editor.
5. Write the SSL Interception rule on the SSL Interception layer again. (Example: Any-Any, Action: SSL Interception enabled, Enforcement: WSS).
6. You should be able to save the policy now. Proceed to apply it to the corresponding targets.

NOTE: If for any reason you are getting an error that the URL is not reachable. Change the URL to HTTP vs HTTPS using the following commands via CLI. 

1. Open reference proxySG via SSH
2. Type enable
3. Type config terminal
4. Type policy classification-path http://bto.bluecoat.com/download/modules/security/SGv6/policyclassifier.xml
5. Type exit
6. Type load policy classification