When running a policy trace, SSL-intercept layers are not showing up in policy traces.
The SSL-Intercept layer will not be shown in a policy trace if the policy trace rule is placed on a layer other than an SSL-Intercept layer.
When debugging a proxy access issue, a web access layer is used for setting up a policy trace rule. However, if you need to troubleshoot an SSL interception issue, you will need to add an SSL-Intercept layer and create a policy trace rule. The reason for this has to do with policy timing and interpretations by policy layers.
For more information about policy traces see Use policy tracing to debug access denied errors or website accessibility issues.