There are 2 types of connection that client browser generates for Web Isolation Gateways:
1. Web Traffic for Load Balancer and Gateways
2. Web Socket traffic for Gateways
We need to understand the type of policies that needs to be created for above traffic if downstream Proxy exists
If downstream Proxy is Edge SWG(ProxySG), Web Isolation will create dynamic instructions (CPL) that needs to be configured as mentioned in TechDoc.
But for 3rd Party Proxies, policies needs to be manually configured.
On downstream Proxy -> Gateway traffic should be sent directly (on port 443/80), while LB (or any other Web) traffic should be forwarded to WI Proxy (on default port 8080)
Note: Although sending gateway traffic to WI Proxy would practically work, but it will introduce an unnecessary extra hop which will degrade the performance and hence should be avoided wherever possible.
Recommended Policies on Downstream Proxy:
If Destination = Gateways then Action = Direct
If Destination = LB/ANY then Action = Proxy Forwarding