Customer is setting up his Cloud SWG tenant and once using Google Safe search policy and the Protocol Restrictions feature the google.com website is not reachable.
Along with that, there are other features enabled like DNS Proxy, CFS.
Cloud SWG
Google Safe search
Proxy Restrictions
CFS
DNS Proxy
When Safe Search is enabled we force the user to use CNAME "forcesafesearch.google.com" to resolve google.com and this will resolve to "216.239.38.120"
Part of the Safe Search policy will disable Protocol Detection for the IP "216.239.38.120". When protocol detection is disabled, the SG is unable to detect the protocol used by the browser therefore it will match the Proxy Restriction (Web Protocols Only) policy and block the request.
Temporary workaround is to put google.com into the DNS Proxy exemptions and permanent fix is on it's way.