When ProxySG policy includes a rule to perform DNS lookup of the server URL, the policy does not work when the SSL proxy intercepts SSL traffic. For example, you might notice that the appliance performs the default IPv4 lookup, even though IPv6 is preferred, when your policy is configured with one of the following:
The appliance performs DNS lookup of the server URL on SSL traffic before it evaluates <proxy> layer policy.
For requests over HTTPS, as well as other protocols carried over SSL that the SSL proxy handles, include the rule to perform DNS lookup of the server URL in the <forward> policy layer.
Modify existing VPM policy: