If the access control proxy is activated, you will need a rule of type OUTPUT
I turned off Access Control, but it didn't seem to make any difference. I also changed the rule to an OUTPUT type, with no luck.
I can think of any other reason this will fail without seeing some further diagnostics.
Are you able to conact support and provie them with the diagnostics ?
After a little more digging, I discovered a few more items of interest.
1) I had an error in my route configuration, which prevented it from working even when access control was turned off. I corrected that, and was able to create a policy for HTTP traffic that works with access control off.
2) The only routing policies that don't work correctly with access control turned on are for HTTP traffic. It appears that Access Control operates before policy routes, and as I had enabled access control and the web protection service, the traffic was being sent out to the web protection service proxy directly.
That led to a sudden realization that the web protection service was being accessed on port 8080. I added that to my policy route, and it all appears to be working.