Just worth mentioning that when specifying the source in the Policy trace, you don't use the IP address of the ProxySG. You specify the source IP address of the client you wish to perform a trace on. In your review of trace_test you can see that this is consequently changed to 172.16.94.26.

Also worth noting is that you need to have an SSL Intercept trace layer if you want to include policy tracing of rules on that layer. The Web Access layer would not include those SSL Intercept rules.

Next time please do not mix up rules and layers. :)