First, enable an HTTPS proxy service on port 5222 and arrange for that traffic to reach the ProxySG. If this is an inline deployment, nothing special needs to be done.
Second, configure policy to SSL-intercept and deny all HTTPS traffic to the "Chat" and "Search/Engines" categories. While the chat category is obvious, the Search category is also necessary to address G-Talk's attempt to connect to any Google-owned IP. The chance of over-blocking HTTPS search sites is small (it's unclear why a web-search site would be HTTPS), but could be addressed with a more complex policy.
Example policy for step two:
server.certificate.hostname.category=("Chat/Instant Messaging", "Search Engines/Portals") ssl.forward_proxy(https)
Deploying a certificate to client computers is not necessary, as the goal is to deny this traffic.
Finally, configure denials for port 5222 and the Google-Talk client. The Gmail chat interface uses AJAX calls to "/mail/channel/bind" to log a user into G-Talk and retrieve the login status of friends.
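To confirm the denials are taking effect, the access log can be checked for requests that match the two indicators above (port 5222 and the "/mail/channel/bind" path) but were not denied. The script below is an added example, not part of the original article or any vendor tooling; it assumes an ELFF-style log whose "#Fields:" header includes the columns shown, and the sample records are constructed.

```python
import csv

# Indicators named in the article: the G-Talk client port and the Gmail chat AJAX path.
GTALK_PORT = "5222"
GTALK_PATH = "/mail/channel/bind"

# Constructed sample records. The field selection is an assumption;
# adjust it to the access-log format configured on your proxy.
SAMPLE_LOG = """\
#Fields: c-ip cs-method cs-host cs-uri-port cs-uri-path sc-filter-result
10.0.0.15 CONNECT 192.0.2.10 5222 / DENIED
10.0.0.15 GET mail.google.com 443 /mail/channel/bind DENIED
10.0.0.22 GET mail.google.com 443 /mail/channel/bind OBSERVED
10.0.0.31 CONNECT 192.0.2.10 5222 / OBSERVED
10.0.0.40 GET www.example.com 80 /index.html OBSERVED
"""

def parse_elff(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            # csv handles double-quoted values that contain spaces (e.g. user agents)
            values = next(csv.reader([line], delimiter=" ", skipinitialspace=True))
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))

def gtalk_indicator(rec):
    """Return the name of the indicator a record matches, or None."""
    if rec.get("cs-uri-port") == GTALK_PORT:
        return "port-5222"
    if rec.get("cs-uri-path", "").startswith(GTALK_PATH):
        return "gmail-chat-bind"
    return None

def policy_gaps(text):
    """List (client, host, indicator) for matching requests the proxy did not deny."""
    gaps = []
    for rec in parse_elff(text):
        hit = gtalk_indicator(rec)
        if hit and rec.get("sc-filter-result") != "DENIED":
            gaps.append((rec.get("c-ip"), rec.get("cs-host"), hit))
    return gaps

if __name__ == "__main__":
    for client, host, hit in policy_gaps(SAMPLE_LOG):
        print(f"not denied: {client} -> {host} ({hit})")
```

An empty result over a period in which users attempted to sign in indicates that both denials are being enforced.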