Thank you Olin.
So just to clarify, let's say that I want Full Symantec Web Isolation and CloudSoc Gateway for a gantlet like O365. In this case does the traffic flow for the request happen as follows:
User device > Cloud SWG ----ICAP----> CloudSoc Gateway ----ICAP----> Cloud SWG > Full Symantec Web Isolation > Origin Content Server
I guess the path would be the same if we wanted to use a feature like sandboxing since the anti-malware capacity in CloudSod performs AV scanning and VBA micros scanning only.
Kindly
Wasfi