One option is to update the device to a later device software which features improved proxy support.

The other option is to create a rule in the firewall that should be configured so that all calls over https (port 443) to the cloud server address are allowed:
xxxxx-yyyyy.cloud.safeconsole.com  (replace x and y with your unique cloud server address). All URL's to the address should be allowed.