4 Replies Latest reply on Aug 31, 2012 3:33 PM by ahighfill

    PAC file for non-browser access MWG7

      We are planning to use PAC files for internet access. The reason we are attempting to use the PAC file is for high availability with a another web filter. I have the PAC file set in IE internet options set correctly and traffic from the browser is working just fine through the MWG7.  The PAC file references the MWG7.

       

      However, my issue is when a non-browser application(and some browser applications) tries to access the internet.  These applications fail.  The application does not see my proxy settings.  Although, when we did not use a PAC file and just specified a proxy server, all works well with these applications.  We block all traffic that is not through the filter.

       

      Any help on this issue would be appreciated.

       

      Thanks!

       

      Message was edited by: ahighfill on 3/7/11 4:53:08 PM CST
        • 1. PAC file for non-browser access MWG7
          michael_schneider

          Well, if a tool, doesn't respect proxy settings, than this is clearly a problem - as you recognized. For those tools you could deploy MWG in a transparent fashion to catch that traffic. I would recommend to only do this for a limited amount of users. Or you could create a redirection rule on your firewall to redirect traffic to MWG transparently... Up to others if they have some smarter ideas.

          • 2. Re: PAC file for non-browser access MWG7
            DBO

            We have some users from an outside company on a restricted segment in our corp network using the proxy to do VPN-SSL and it will not work with the PAC file but work with a direct proxy config in IE.  Look like a conflict between the local IP address and the IP address the client is negociating from the remote connection.  Base on the IP, the PAC file return either direct connection or proxy usage and IE is confuse...

             

            PS: This is with 6.8.7

             

            Ce message a été modifié par: DBO on 08/03/11 08:50:39 CST
            • 3. Re: PAC file for non-browser access MWG7
              feeeds

              Were you ever able to get this set up properly? We have the same setup - pac files and firewall set to drop if traffic comes from client vs proxy. We see some traffic from apps (java) that tries to go direct. How do we set this up in the proxy to accept traffic from firewall ?

              • 4. Re: PAC file for non-browser access MWG7

                I believe that michael_schneider response cleared it up the most for me. if a tool or application does not supprot proxy settings or PAC files then there is not much we can do. 

                 

                I have stopped using PAC files as there is too many issues with these, personally.