Client can ping the sg in bridge mode. It however cannot ping the default gateway. The blue coat can ping default gateway and the client. All cabling ok. Packet capture shows client sending arp but never gets a reply.
It was found that the interface connecting to the blue coat had a non default vlan. Changed the interface vlan to the default of 1 and now client can connect.