Puffin Academy

From Opendium Documentation
Jump to navigation Jump to search


Fully working, with additional configuration.


  • Allow the Puffin Academy firewall bundle on the Egress page.
  • Ensure that the Disable HTTPS Decryption Override is enabled. Note: we recommend that this override is always enabled (this is the default).


Puffin Academy makes HTTPS connections which contain an invalid Server Name Indication (*.flashbrowser.com) and the transparent proxy is therefore unable to validate the connections. The invalid connections are blocked, as the system considers them to be an attempt to bypass the usual filtering. Adding the above firewall configuration allows Puffin Academy to bypass the transparent proxy. Note that this problem does not affect devices which are configured to use the non-transparent proxy.

Puffin Academy does not utilise the device's trusted certificate store and therefore the standard Disable HTTPS decryption override contains rules to disable HTTPS decryption.

Some of this information is from the Puffin Academy website: http://www.flashbrowser.com/pconnect/faq.php#202

Vendor Contact Log

The following log summarises discussions with the vendor of Puffin Academy (CloudMosa) regarding the problems listed above.

  • 2016-07-06 - Reported to CloudMosa
  • 2016-07-07 - CloudMosa responded, stating that they would not fix the problems