ProxySG 6.7.3.1 introduces SSL Intercept and DNS Layers Supported in Tenant Policy.

Please reference the 6.7.3.x Release Notes which can be downloaded at https://support.broadcom.com 

SSL Intercept and DNS transactions now evaluate tenant determination policy in the landlord policy file. This allows <sslintercept> and <dns> layers to be defined and executed in tenant-specific policy. Previously, these layers were supported in the default tenant policy only.

What Is a Tenant and How Are Tenants Determined?

A tenant is an administrative entity with a unique instance of policy governing its traffic. The tenant policy that applies to a given request is determined by the multi-tenant criterion set in the CLI configuration or policy rules written in the Landlord policy file. To determine tenants using CLI, use the multi-tenant criterion command. This command accepts any substitution expression that refers only to properties of the connection. To determine tenants using the Landlord policy file, enter policy rules in the <Tenant> layer. <Tenant> layers are allowed only in the Landlord policy file. The <Tenant> layer supports only certain conditions.

See "Determine Tenants With Landlord Policy Rules" in the Multi-Tenant Policy Deployment Guide for more information.