The guidance in the Tech. Articles below have been correctly implemented and verified. Yet, WSS isn't accepting it and unable to carry forward user authentication from the on-Premise Edge SWG (ProxySG) to the Cloud SWG (WSS)
Configure Edge SWG Appliance Proxy Forwarding (broadcom.com)
Edge SWG Proxy Forwarding for CloudSOC (broadcom.com)
The requirement is to implement Edge SWG Proxy Forwarding for CloudSOC, and as per the reported error, we see the below.
"Raw CPL rewquires #if enforcement=appliance-specific policy"
To respond to the above, please note that sometimes there is a requirement to write single CPL policy and apply it for different products, software versions, or enforcement domains through Management center.
It is also easier to maintain a single CPL instead of different CPL per product, version or enforcement domains.
CPL allows you to segregate policies as below:
Ref. doc.: https://knowledge.broadcom.com/external/article/245021/creating-conditional-policies-in-proxysg.html
Implementing the option below resolves the error. Having the CPL rule(s) in position, and shown below is important.
Enforcement domain specific policy -