Problem accessing Salesforce.com on the ProxySG appliance


<< Back to Knowledge Search

Solution

Overview

Salesforce.com installs an applet on the workstation. When the ProxySG appliance is enabled, the applet will prompt the user to enter credentials. If authentication fails, the application will attempt to connect to other ports, but the firewall will generally reject those connections.

Cause
Resolution

 

Remove the software (via the Control Panel) and start over after the following Content Policy Language (CPL) has been added to the local policy file.

  1. Go to Management Console > Configuration > Policy > Policy Files > Policy Files Tab
  2. Select the drop-down option for Install Local File from
  3. Select Text Editor and then click Install
  4. Copy & paste the following text, then click Install


;-----------------------------------------------------------------------
;  Bypass whitelist salesforce.com data center IP addresses
;  - updated 26th Apr 2012   
http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_om_outboundmessaging_security.htm
;-----------------------------------------------------------------------
;                                    
;define the condition                    
define condition salesforce_com_data_center
url.address=204.14.232.0/21

url.address=96.43.144.0/20
end

;apply the action
<Proxy salesforce_com_data_center > condition= salesforce_com_data_center
     client.protocol=ssl detect_protocol(no) authenticate(no) ALLOW

     http.method=CONNECT detect_protocol(no) authenticate(no) ALLOW


;-----------------------------------------------------------------------

NOTE: The above CPL is written based on Salesforce knowledge base information. Since it is IP based, it will probably require adjusting in the future.

 

Workaround
Additional Information

Starting in June 2016, Salesforce will begin disabling the TLS 1.0 encryption protocol in a phased approach across impacted Salesforce services. Make sure client browser support TLS 1.0 above(TLS.1.1 and 1.2).

For testing purpose you may use this site :
https://tls1test.salesforce.com/s/
More details on Salesforce TLS 1.0 Disablement : https://help.salesforce.com/HTViewSolution?id=000221207

Bug Number
InQuira Doc IdKB5106
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      06/29/2016
Last Published      06/29/2016
Article Audience
Product      ProxySG
Software      SGOS 5, SGOS 6
Topic      Authentication, SSL / HTTPS
Article Number      000012814
Summary      Common problem on accessing Salesforce.com
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat