You want to know, if the Edge SWG (ProxySG) appliance policy does not include an SSL Intercept layer:
In SGOS 5.4 and later, the default behavior for HTTPS traffic is to Intercept on Exception. A valid SSL license is required.
Even if you do not have a SSL Intercept Layer in policy (or it is disabled), as long as the HTTPS Proxy Services are set to Intercept on port 443, the ProxySG appliance performs Intercept on Exception by default. Examples of exceptions include a policy denial, a certificate error, and an error with the SSL handshake.
A HTTP Interception on Exception object is used to intercept SSL traffic if there is an exception, such as a certificate error or policy denial. This differs from the HTTPS Interception object, which intercepts all HTTPS traffic.
HTTPS is not intercepted if the default policy is ALLOW.
Notes: