You are seeing a connect_method_denied verdict in the WSS reports for connections to tcp://ip-or-domain on port 443.You are not sure why the error is being triggered as it is connecting on a standard port.
Cloud SWG (Web Security Service)
In the PCAP taken we can see that after the HTTP 200 connection established, you immediately see a FIN from the client.
Cloud SWG received the initial CONNECT request and passed back a 200 OK. The next packet should be a Client-Hello from client side to initiate the SSL handshake. If for any reason, if this packet is not reaching us, this will be considered as a tunneling attempt of a non-SSL protocol and will hit the "Connect_Method_Denied" exception.
Cloud SWG Proxy: 192.168.1.83 / Client: 10.230.0.5
The proxy is operating normally. From looking at few customer account we generally see this traffic is generated by browser user agent and normally causes virtually no impact as it's either temporary or application does successfully establish SSL on next connections.
To prove that this is not caused by the client-side applications, we would need to see PCAPs from the gateway showing that Client Hello is being sent.
This exception can occur for other reasons as well which are provided in the article below.
Verdict connect_method_denied in Web Security Service report
Denied access to the requested port with Web Security Service