ProxySG 6.7.3.1 introduces SSL Intercept and DNS Layers Supported in Tenant Policy.

Please reference the 6.7.3.x Release Notes which can be downloaded at https://support.symantec.com > Downloads > Network Protection (BlueCoat) Downloads - and navigate to the 6.7 release notes for the Proxy or Advanced Secure Gateway for more information on this. 

SSL Intercept and DNS transactions now evaluate tenant determination policy in the landlord policy file. This allows <sslintercept> and <dns> layers to be defined and executed in tenant-specific policy. Previously, these layers were supported in the default tenant policy only.

What Is a Tenant and How Are Tenants Determined?

A tenant is an administrative entity with a unique instance of policy governing its traffic. The tenant policy that applies to a given request is determined by the multi-tenant criterion set in the CLI configuration or policy rules written in the Landlord policy file. To determine tenants using CLI, use the multi-tenant criterion command. This command accepts any substitution expression that refers only to properties of the connection. To determine tenants using the Landlord policy file, enter policy rules in the <Tenant> layer. <Tenant> layers are allowed only in the Landlord policy file. The <Tenant> layer supports only certain conditions.

See "Determine Tenants With Landlord Policy Rules" in the Multi-Tenant Policy Deployment Guide for more information.