Salesforce.com installs an applet on the workstation. When the ProxySG appliance is enabled, the applet will prompt the user to enter credentials. If authentication fails, the application will attempt to connect to other ports, but the firewall will generally reject those connections.

Remove the software (via the Control Panel) and start over after the following Content Policy Language (CPL) has been added to the local policy file.

1. Go to Management Console > Configuration > Policy > Policy Files > Policy Files Tab
2. Select the drop-down option for Install Local File from
3. Select Text Editor and then click Install
4. Copy & paste the following text, then click Install

;-----------------------------------------------------------------------
;  Bypass whitelist salesforce.com data center IP addresses
;  - updated 26th Apr 2012   
;  http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_om_outboundmessaging_security.htm
;-----------------------------------------------------------------------
;                                    
;define the condition                    
define condition salesforce_com_data_center
url.address=204.14.232.0/21

url.address=96.43.144.0/20
end

;apply the action
<Proxy salesforce_com_data_center > condition= salesforce_com_data_center
     client.protocol=ssl detect_protocol(no) authenticate(no) ALLOW

     http.method=CONNECT detect_protocol(no) authenticate(no) ALLOW

;-----------------------------------------------------------------------

NOTE: The above CPL is written based on Salesforce knowledge base information. Since it is IP based, it will probably require adjusting in the future.