Edge SWG's admins may observe a data discrepancy where the coverage counters (hit counts) displayed on a specific Policy Rule do not match the coverage counters of the underlying Category and Condition that the rule is configured to evaluate.

In Broadcom Edge SWG, this behavior is working as designed. Policy coverage counters are incremented where the condition is evaluated, rather than within the underlying category definition itself.

To increase a counter, a policy condition must match. When a condition references a category, the hit is tallied on the condition's reference line, not on the individual URLs listed inside the category block.

Practical Example in Edge SWG

1. CPL Configuration

In this scenario, we define a custom category, define a condition that references both specific URLs and that category, and then create a rule using that condition.

define category NewCategory2
    firstwebsite.com
    secondwebsite.com
    thirdwebsite.com 
    fourthwebsite.com
end

define condition testcondition
    url.domain=sport.com
    url.domain=music.com
    url.domain=rock.com
    category=NewCategory2
end

<proxy>
condition=testcondition ALLOW

2. Testing the Policy

A client browser reaches out through the Edge SWG to two destinations:

• fourthwebsite.com (which is part of NewCategory2)
• rock.com (which is explicitly listed in testcondition)

3. Policy Coverage Statistics Output

Reviewing the coverage statistics reveals how the proxy calculates the hits:

92: <Proxy> [layer 52] [vpm-cpl:244]
92:     ALLOW condition=testcondition (92) --> This is the sum of 29 + 63

  : define category NewCategory2           --> Evaluated via condition = individual stats remain zero
 0:     //firstwebsite.com/  
 0:     //secondwebsite.com/  
 0:     //thirdwebsite.com/  
 0:     //fourthwebsite.com/  
  : end
                  
  : define condition testcondition         --> Matches occur here = stats are incremented
 0:     url.domain=//sport.com/ (0) 
 0:     url.domain=//music.com/ (0) 
29:     url.domain=//rock.com/ (29)        --> 29 hits explicitly for rock.com
63:     category=NewCategory2 (63)         --> 63 hits for anything inside NewCategory2
  : end

• The Rule Counter (92): This accurately reflects the sum of all matched triggers inside the condition (29 hits for rock.com + 63 hits for the NewCategory2 category).

• The Category Counters (0): Because the proxy tallies the hit at the condition level where category=NewCategory2 is called, the internal contents of the define category block will always display zeroes in this view. This is normal and does not indicate a failure in the policy.