I have this situation.
In our network all clients use a manual proxy configuration on the browser to connect to Internet.
Some clients also use the laptops to connect from their home to the IVE through an UMTS card.
We have no proxy settings on this connection but we would like to have the proxy setting directly from the IVE so we have configured to use the proxy on these users from the IVE.
It is correct or not because at the moment it doesn't work?
I have a lot of experience with Network Connect and how it handles proxying. Can you tell me what you have coded in the NC profile for the proxy to be used? How are you deciding that the current configuration is not working?
I have configured on the User Network Connect Profiles the Manual configuration of the proxy server (IP address and port). If I correctly understood the instantproxy.pac should be a merge with of the browser proxy settings and what configured in the IVE: it is right?
In my case I have to find only the proxy server settings because for the UMTS card connection I have no proxy settings. But unfortunately I found a merge with the proxy settings for the lan connection configured in the browser.
I hope you will understand.
Many thanks for your collaboration
In the UMTS connection there is no proxy setting in the browser because the client use UMTS not only for connecting to the IVE.
The proxy settings in the IVE for those specific roles is manual proxy setting (IP address and port).
But I remember to you that in the browser settings there is a manual proxy configuration with some exclusions.
Do you know where the function FindClientProxy(url, host) is called??
I've looked at a number of instantproxy.pac files, and have never seen a call to FindClientProxy(url, host).
What is specified for the proxy in the NC connection policy which is applied to the UMTS users?
You are right. I checked in Internet but I never find a proxypac with this function but it is created when the client connects to IVE looking at the browser settings for LAN on the laptop where I have configured a manul proxy and some exclusions in order to access local servers without proxy.
In fact, if I configure the IVE to pass to client the proxy by manual configuration I find the proxy Ip address and port on the function: FindServerProxy
It is crazy.
I think you are seeing normal behavior. The instantproxy.pac file needs to make sure that the client browser can still reach the SA device through it's original proxy settings, and to make sure that any traffic which goes through the tunnel into the secured network can reach a proxy in case it requires one. So, the FindProxyforURL function in the instantproxy.pac file effectively says "traffic destined for the SA needs to use the client browser proxy settings; all other traffic uses the proxy settings in the NC profile."
My guess is that the FindClientProxy function was originally used to establish the proxy for access to the SA; I'm guessing that Juniper had problems with that, but never took it out of the instantproxy.pac file.