We have a cloud app that has a max limitation on network ACL's the provide will allow which IDEXX exceeds in total worldwide locations. I'd like to implement a forward proxy using an internal SWG device. Similar to Apache's passproxy feature. Is there a way to create a IP/listener on the SWG, which we will create an internal DNS record for, and a policy to forward proxy all that traffic to the cloud site.
Any help would greatly be appreciated.
this sounds like a reverse proxy deployment. You can tell MWG to listen on some IP and Port as a reverse proxy (it will behave like a web server). Whenever a request comes in MWG can forward that request to the original target web server.
In the online rule set library there is a simple reverse proxy example, maybe you want to check and see if this is what you would like to achieve.
Rather than using an internal DNS name like xyz.idexx.com I would - if possible - configure the companys DNS to resolve xyz.cloud.app to the IP address of MWG. This resolves some potential issues with absolute URLs and absolute Redirects.