You want to configure Edge SWG (ProxySG) with secure NTP configuration
The NTP server can be configured from the web console as mentioned in the following article, https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/edge-swg/7-3/getting-started/page-help-administration/page-help-general/page-help-time.html
If you want to configure NTP with authentication, it can be configured from the CLI using the following command.
(config) ntp server <domain name/IP address> [ <keyid> <keytype> [ <key> | <enter> ] ]
where <domain name/IP address> is an NTP server hostname or an IPv4 or IPv6 address.
where <key-id> is a value between 1 and 65534.
where <keytype> is the string "SHA1" (case insensitive). This will be the only supported type for now. FIPS requires SHA1 only at this time.
where <key> is a 160-bit SHA1 key value encoded by 40 hex characters. This is a shared secret with an NTP server. This is sensitive data on the Edge SWG, this value is treated like a password (it is only displayed and stored in an encrypted form).
e.g.
# (config) ntp server <IP> 1 sha1 574fe62329240f0ddeb0b142b15a4768f91a2ff4
e.g., 574fe62329240f0ddeb0b142b15a4768f91a2ff4 is the SHA1 hash of your key
You can check eventlog for NTP query to verify NTP updates are working. Eventlog will have a log entry as highlighted in the below snapshot.
Limitation: The Edge SWG does not support plain text / MD5 shared secret and it has to be SHA1 only.