I've been searching the KBs for some insight into how to configure TCP Proxy for non-standard ports, specifically 17000 ones on proxies configured in HA mode - this is for a Tanium deployment. 

What I'm gathering is I need to create TCP Proxy listeners in the format 0.0.0.0:XXXXX where XXXXX is 17000 or is XXXXX a port I have to configure like 9100 or 9022 or something?  Then I need to create a rule in policy, since I am not in transparent mode, to help route the traffic.  There are 2 options for this I have found - option 2 is to Transparently redirect traffic to the TCP proxy port. MWG will terminate the connection. Optionally apply GTI to the destination and create a new connection to the destination - this is commonly used for PCI-DSS compliance.  I have no idea how to do this. 

Any thoughts?  Does anyone have a ruleset, screenshots, etc. on how they configured something like this?

Thanks for reading