I have an SRX240 installed. I have default denys on both inbound and outbound. I run a Sophos WS500 internal to the SRX as the proxy and all users have to use the WS500 as their proxy. This means that I have rules in place that deny access to 80 and 443 unless they come from the proxy server. To locate the proxy I use WPAD. This works for all web browsing on all OS platforms for all browsers.
Google Drive for some reason that no one has been able to explain is not picking up the WPAD and is therefore trying to bypass the proxy and access Google directly - being blocked by the rules. Google say to put a list of exceptions in the firewall (https://support.google.com/drive/answer/2589954?hl=en), only many of them are either domain based or wildcard based neither of which the SRX will allow in the configuration. This list also misses the akamaitechnologies.com and 1e100.net addresses that the software is referenceing The number of IP addresses and /or FQDN is never ending. Every time I think I have it another server is leveraged by the software.
So the question is, any ideas on how I get around this? Any suggestions would be helpfull because at the moment it looks like junking the SRX for something else.