We can’t rewrite PAC or WPAD back to own HTTP explicit proxy service port (usually port 80 or port 8080) because of loopback detection. The proxy will return with "400 bad request" error message. Such rewrite was never been supported or intended to be. The workaround is to use redirect instead of rewrite or rewrite the PAC or WPAD to another ProxySG's http service ports.
A basic example of a redirect policy for WPAD can be found below:
;------start redirect WPAD to PAC------
url.path=/wpad.dat action.redirect_pac(yes) allow
define action redirect_pac
;------end redirect WPAD to PAC------