WSS with UPE requires different configuration and it requires some steps to do on WSS portal, Management Center (MC) and Proxy SG.
Web Security Services (WSS) with Universal Policy Enforcement (UPE), so policies managed by Management Center (MC)
Symantec Cloud DLP
Steps to perform on Proxy SG
Login to Proxy SG console and navigate to "Configuration > Content Analysis > ICAP"
In "ICAP Services" tab create new ICAP service
Once the service name is created, edit that and make these 3 modifications:
Next to "Service URL" enter icap protocol followed by an ip address (it might be a dummy ip address, as WSS will overwrite this once policy is pushed from Management Center), so the sample entry might be:
Next to "Service type" change the option to "DLP"
In "ICAP v1.0 Options" section change to "request modification" as the supported method
After hitting ok, ensure to Apply the changes
Steps to perform on Management Center
Login to MC console, go to Policies and click on Launch VPM Editor
Go to menu Policy and create a Web Content Layer
Change the default rule:
Right click on the "Use Default Caching" in Action column and select "Set"
In the "Set Action Object" window click on New and select "Perform Request Analysis"
From "Available services" move the ICAP service created on SG to the right window and click OK
Right click on the "Appliance" in Enforcement column and select "WSS" (if policy should apply only for WSS) or "Universal" (if policy should apply on WSS and SG)
Save the policy
Install policy to WSS - go to "Targets" tab, click on WSS target and select "Install to Target". Policy will be deployed to WSS now
Steps to perform on WSS portal
Login to WSS portal and go to "Service > Data Loss Prevention"
Ensure the "Scanning level" is changed to "Scanning enabled" and "Symantec URL" and "Detector ID" values are entered