Fully working, with additional configuration (listed below).
- Go to the Firewall -> Egress page.
- Select an appropriate group (e.g. the Everyone group).
- Add the Puffin Academy bundle and set its action to Allow.
- Go to the Web Proxy -> Filter Overrides & Walled Garden page.
- Enable the Disable HTTPS interception web proxy override if not already enabled.
Puffin Academy makes HTTPS connections whose Server Name Indication is invalid (*.flashbrowser.com), so the transparent proxy is unable to validate them. The invalid connections are blocked, as the system considers them to be an attempt to bypass the usual filtering. The firewall configuration above allows Puffin Academy to bypass the transparent proxy. Note that this problem does not affect devices which are configured to use the non-transparent proxy.
Puffin Academy does not utilise the device's trusted certificate store, so it cannot be made to trust the certificates presented during HTTPS interception. For this reason the standard Disable HTTPS interception override contains rules to disable HTTPS interception for Puffin Academy.
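The following added example (not part of the original page and not the filter's own code) parses the Server Name Indication from a TLS ClientHello and checks it against DNS hostname syntax, showing why a literal *.flashbrowser.com cannot be validated. The function names, the verdict strings and the constructed ClientHello are assumptions made for illustration.

```python
import re
import struct

_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS label, no edge hyphen

def sni_is_valid_hostname(name):
    """True if name is a syntactically valid DNS hostname; '*' is not a legal label."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.rstrip(".").split("."))

def extract_sni(record):
    """Return host_name from a TLS ClientHello record, or None if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:    # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                                 # session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]    # cipher_suites
        pos += 1 + record[pos]                                 # compression_methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 0 and record[pos + 2] == 0:         # server_name, host_name
                name_len = struct.unpack_from("!H", record, pos + 3)[0]
                return record[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def classify(record):
    """Verdict an SNI-based filter could reach (hypothetical verdict names)."""
    sni = extract_sni(record)
    if sni is None:
        return "no-sni"
    return "valid-sni" if sni_is_valid_hostname(sni) else "invalid-sni"

def build_client_hello(sni):
    """Constructed sample input: minimal ClientHello carrying only an SNI extension."""
    name = sni.encode("ascii")
    server_name = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(server_name)) + server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)   # version..compression, extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

Calling classify(build_client_hello("*.flashbrowser.com")) returns "invalid-sni", while the same call with www.flashbrowser.com returns "valid-sni".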
Some of this information is from the Puffin Academy website: http://www.flashbrowser.com/pconnect/faq.php#202
Vendor Contact Log
The following log summarises discussions with the vendor of Puffin Academy (CloudMosa) regarding the problems listed above.
- 2016-07-06 - Reported to vendor.
- 2016-07-07 - Vendor responded, stating that the problems would not be resolved.