You would like to enable 'Proxy Restrictions' rules that you see in the Cloud SWG portal in a UPE managed environment.
In the Cloud SWG portal, select Policy > Proxy Restrictions.
This policy is not available by default in UPE.
UPE
You can do this in UPE by creating a new CPL layer.
Below are two rules.
The first rule [Rule SYMC_Protocols_Standard_ports_only] is the equivalent of "Restrict traffic to web protocols only", and the second rule [Rule SYMC_Protocols_Web_non_standard_port] is for "Restrict web traffic to standard ports".
<Proxy SYMC_Protocols_Web_only>
[Rule SYMC_Protocols_Standard_ports_only]
url.scheme=http url.port=80
url.scheme=(https, ssl, tcp) url.port=443
url.scheme=ftp url.port=21
FORCE_DENY("Only web traffic on standard ports is permitted.")
[Rule SYMC_Protocols_Web_non_standard_port]
url.scheme=(http, https, ssl, ftp)
url.scheme=tcp tunneled=no
FORCE_DENY("Only web traffic is permitted.")
For the above to apply to any traffic, protocol detection must be allowed (not bypassed) for the specific endpoints; otherwise the proxy cannot determine the protocol.
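To see which requests each rule section lets through before deploying it, the following Python sketch parses the two sections above and evaluates constructed requests against them. It is an added example, not Broadcom code and not how the proxy itself is implemented. It assumes each section is evaluated on its own, that lines are tried top to bottom with the first match deciding, and that tunneled is a plain yes/no value; the function names are hypothetical.

```python
import re

# The two [Rule] sections from the page, copied verbatim.
STANDARD_PORTS_ONLY = '''\
url.scheme=http url.port=80
url.scheme=(https, ssl, tcp) url.port=443
url.scheme=ftp url.port=21
FORCE_DENY("Only web traffic on standard ports is permitted.")'''

WEB_NON_STANDARD_PORT = '''\
url.scheme=(http, https, ssl, ftp)
url.scheme=tcp tunneled=no
FORCE_DENY("Only web traffic is permitted.")'''

COND = re.compile(r'([\w.]+)=(\([^)]*\)|\S+)')
DENY = re.compile(r'FORCE_DENY\("([^"]*)"\)')


def parse(section):
    """Turn each rule line into (conditions, deny_message_or_None)."""
    rules = []
    for line in section.splitlines():
        deny = DENY.search(line)
        conds = {}
        for key, val in COND.findall(DENY.sub('', line)):
            conds[key] = {v.strip() for v in val.strip('()').split(',')}
        rules.append((conds, deny.group(1) if deny else None))
    return rules


def evaluate(section, request):
    """Return the deny message, or None when a condition line matches first."""
    # Simplified model (assumption): lines are tried top to bottom, every
    # condition on a line must hold, and the first matching line decides.
    for conds, deny in parse(section):
        if all(str(request.get(k)) in allowed for k, allowed in conds.items()):
            return deny
    return None


def decisions(scheme, port, tunneled):
    """Evaluate one constructed request against each section on its own."""
    req = {"url.scheme": scheme, "url.port": port, "tunneled": tunneled}
    return evaluate(STANDARD_PORTS_ONLY, req), evaluate(WEB_NON_STANDARD_PORT, req)


if __name__ == "__main__":
    for sample in [("http", 80, "no"), ("http", 8080, "no"), ("tcp", 443, "yes")]:
        print(sample, decisions(*sample))
```

Each result is a pair: the deny message from the first section and from the second, with None meaning the request matched a condition line and was not denied by that section.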