cancel
Showing results for 
Search instead for 
Did you mean: 

PAC file being modified?

Contributor

PAC file being modified?

Hi all,

We have an SA4500 that, for a specific role, hands out a PAC file from an internal web server. I modified the PAC file so that it includes a number of exceptions based on IP address and/or host name. The very top of the file starts with:

function FindClientProxy(url, host) {

if (isInNet(host, "1.1.1.0", "255.255.255.0")) {

return "DIRECT";

}

if (shExpMatch(host, "*.local")) {

return "DIRECT";

}

{


(various other exceptions)

}

return "PROXY proxy:88";

Essentially, I'm trying to tell the remote clients to bypass our proxy server for certain hosts and IPs, but use the proxy server, otherwise.

Upon logging into the role, the user gets the PAC file correctly, but at the very top of the file is the following:

function FindClientProxy(url, host) {

return "DIRECT";

}

This tells me it's somehow being added to the file and forcing the clients to go out to internet sites directly, not through our proxy environment. They will get blocked by this, as our firewall doesn't permit users to have open internet access.

Why is the PAC file being modifed like this? I clearly select the "Automatic (URL for PAC file on another server)" option in the Network Connect proxy settings for this role. How is it telling the PAC file to do that?

Thanks!

6 REPLIES 6
Frequent Contributor

Re: PAC file being modified?

Please confirm if your proxy server is internal or external to SA device, also confirm if you have split tunnel disabled or enabled, based on these settings PAC file will be created differently.

Contributor

Re: PAC file being modified?

The proxy server is internal to the SA device. It's not on the same VLAN, but it's reachable from the internal interface.

Split tunneling is enabled, with access to the local subnet only.

Highlighted
Frequent Contributor

Re: PAC file being modified?

With split tunnel enabled mode and with internal proxy only traffic that needs to go via tunnel uses proxy all other traffic will go direct including the exeptions that are specified withing the original PAC file..

You can create a TAC case to investigate this further.

Contributor

Re: PAC file being modified?

I have a TAC case open now. It just seems strange to me that the PAC file would be modified at all - or there's another setting in the role that's adding this function in.

Contributor

Re: PAC file being modified?

Its a question of IVE version.

6.5 changes the behaviour of automatic configuring pac script on client though you disabled proxy function on network connect IVE level.

Contributor

Re: PAC file being modified?

spacyfreak,

Why would that change? I want to specify how the users use our proxy and when. Are you telling me that the code version prevents the administrator from doing that?