Analyzing "POST" HTTP requests from ProxySG, with SSL Inspection involves.
Yes. It is possible to analyze the "POST" HTTP requests in a PCAP, if they were generated.
There are various methods for reviewing packet capture related information from the proxy appliance:
SGOS# pcap info
To analyze captured packet data, use a tool that reads Packet Sniffer Pro 1.1 files, such as Wireshark or Packet Sniffer Pro 3.0.
Wireshark can be downloaded for free at https://www.wireshark.org/.
Irrespective of the chosen approach, to analyze "POST" HTTP requests, the filter, below, should be utilized, in Wireshark.
http.request.method == "POST"
For HTTP2, use http2.headers.method == "POST" in the Wireshark filter.
If, indeed, a POST request was generated, packets with the "POST" request will be seen in the capture.
For collecting the PCAP on the ProxySG appliance, utilize filters that reflect the source and destination of the traffic of interest. Remember to use the "ip host xx.xx.xx.xx", for the use of IP addresses, and "host example.com", for non-IP hosts. When more than one filters are used, separate them with the use of "or".
Now, with SSL, we recommend to use secure ICAP. For guidance, please refer to the tech. docs. with URLs below.
https://knowledge.broadcom.com/external/article/170462/configuring-secure-icap-by-importing-cer.html