Cloud SWG with UPE requires different configuration and it requires some steps to do on Cloud SWG portal, Management Center (MC) and Proxy SG.
Cloud SWG with Universal Policy Enforcement (UPE), so policies managed by Management Center (MC)
Symantec Cloud DLP
Steps to perform on Edge SWG (formerly known as Proxy SG)
Login to Proxy SG console and navigate to "Configuration > Content Analysis > ICAP"
In "ICAP Services" tab create new ICAP service with the name 'symc_dlp'. Note that selecting another name may result in conflicts and the ICAP service failing.
Once the service name is created, edit that and make these 3 modifications:
Next to "Service URL" enter icap protocol followed by an ip address (it might be a dummy ip address, as WSS will overwrite this once policy is pushed from Management Center), so the sample entry might be: icap://10.11.12.13
Next to "Service type" change the option to "DLP"
In "ICAP v1.0 Options" section change to "request modification" as the supported method
After hitting ok, ensure to Apply the changes
Steps to perform on Management Center
Login to MC console, go to Policies and click on Launch VPM Editor
Click on "Add Layer" and create a Web Access layer
Change the default rule:
In the "Service" column select "Set"
In "Set Service Object" click on "Add a new object" and select "Protocol Methods"
Change a name to "HTTP Methods" for example, change "Protocol" to "HTTP/HTTPS", select "PUT" and "POST" methods
Click on "Apply" and then ensure new HTTP Methods service object is selected and click on "Set"
In the "Action" column select "Set" and then "Add a new object". Select "Perform Request Analysis"
From "Available services" move the ICAP service created on Edge SWG to the right window and click OK
Right click on the "Appliance" in Enforcement column and select "WSS" (if policy should apply only for Cloud SWG) or "Universal" (if policy should apply on Cloud SWG and Edge SWG)
Save the policy
Install policy to WSS - go to "Targets" tab, click on WSS target and select "Install to Target". Policy will be deployed to WSS now
Steps to perform on Cloud SWG portal
Login to Cloud SWG portal and go to "Service > Data Loss Prevention"
Ensure the "Scanning level" is changed to "Scanning enabled" and "Symantec URL" and "Detector ID" values are entered