That does depend on how you are directing traffic to the WSA. If you are doing transparent redirection using WCCP simply don't configure WCCP to redirect traffic for port 443 and allow port 443 outbound from your firewall/router. If you are doing PAC file then again only configure the necessary ports to be redirected to the WSA. If you want to redirect 443 but simply PassThru using the WSA you will need to configure the Encryption Engine to accept proxy connections and set all Global policies to PassThru.