When you flip the HTTP authentication switch, the BES is authenticating on behalf of the blackberry device.
If you add a rule to your proxy allowing the BES traffic through then your problem should be solved. However (with this method), you aren't forcing your users to authenticate with the proxy server since all the traffic appears to be originating from the BES so you can't track what users are browsing (I'm not sure if this is important or not in your organization).
If you want to force users to authenticate with HTTP authentication on then check out proxy mapping in the BES 5 admin guide.
|