Please update your device software to the latest version:

v4.8.19 and lower may have issues with proxy detection due to new Windows Operating System changes.

The Sentry device client will auto-detect your proxy settings from Internet Explorer or from WinHTTP settings.

Please allow full traffic to https://yourserverhostname/* TCP PORT443

*If you have a SafeConsole cloud server, you only need to make an exception for and not

Please tunnel or forward the traffic through and do not terminate SSL at your proxy server. Doing so will interfere with the device client
software's requirement of needing client/mutual authentication using client certificates to establish a TLS handshake with the server.

The device client will need to perform these HTTP requests types for full compatibility:

Check if your proxy is configured correctly

To see if your proxy is intercepting the certificate view the certificate in your web browser. You can do this by going to your connection-token. Replace company with your domain name. You may get an error saying that the certificate is not trusted as it should be a self-signed certificate. To view the actual certificate, will depend on your web browser. For Chrome, you will need to open development options by clicking F12, then go to the Security tab, Finally click "View Certificate."

The first thing to check is that the Issued by: is not your proxy server. If it is, then you need to configure your proxy server to disable SSL inspection for your SafeConsole server. Some proxies will try to impersonate the original certificate in that case click on the Details tab and scroll down to the very bottom to view the thumbprint/fingerprint. This is the SHA1 hash of the certificate that can be used to compare it from a computer outside your network. You can use the third party website to enter your address to compare. If the thumbprint/fingerprint differ then you need to configure your proxy server to disable SSL inspection. 

Configure Your Proxy

To correctly configure your proxy to be used with SafeConsole you will need to whitelist your servers address ( in your proxy so the certificate is not intercepted. Each proxy is unique and may use different terminology. 

For Bluecoat ProxySG see the support article by Symantec.