Certain applications or websites doesn't work properly when accessed via iPhone or iPad.
When using proxy Authentication, users are unable to access iPhone or iPad applications because the IOS software does not include the credentials (username and password) required for authenticating the request, and the request times out.
Authentication has to be disabled for iPhone or iPad devices.
iPhone or iPad devices are recognized based on User-Agent HTTP Header.
Note: Before making changes to your policy verify that traffic is not blocked by any other rule (like Web Access rules)
https://knowledge.broadcom.com/external/article/166514/use-policy-tracing-to-debug-access-denie.html
To Install the policy into the Local Policy File on the ProxySG:
<Proxy>
Allow request.header.User-Agent="iTunes" authenticate(no)
Allow request.header.User-Agent="iphone" authenticate(no)
Allow request.header.User-Agent="ipad" authenticate(no)
Allow request.header.User-Agent="Stocks" authenticate(no)
Allow request.header.User-Agent="CFNetwork" authenticate(no)
Allow request.header.User-Agent="Darwin" authenticate(no)
Allow request.header.User-Agent="Wispr" authenticate(no)
5. Click Install.
In newer iPads version Desktop mode is enabled for Safari.
It means that iPad will not send User-Agent header and as a result ProxySG can't properly identify iPad device.
This option can be disabled in iPad settings:
Settings -> Safari -> Request Desktop Website -> All websites.
Change to Disabled