TBC
Explorer
September 16, 2022
Question

proxy.pac but no access to local WebSite


Hello @All,

 

We're using explicit Web Proxy with pac-File.

 

function FindProxyForURL(url, host) {
    if (shExpMatch(url, "*.domain.com/*")) {
        return "DIRECT";
    }
    if (shExpMatch(url, "*domain.com:*/*")) {
        return "DIRECT";
    }
    if (isInNet(host, "192.168.0.0", "255.255.0.0")) {
        return "PROXY proxy.domain.com:8888";
    }
    if (isInNet(host, "10.130.0.0", "255.255.0.0")) {
        return "PROXY proxy.domain.com:8888";
    }
    return "PROXY proxy.domain.com:8888";
}

 

 Internet works but with local IP like https://192.168.190.5 I get access denied:

 

TBC_0-1663328330033.png

 

How can we fix that problem?

 

Many thanks in advance

TheBob

 

3 replies

Anthony_E
Staff
September 19, 2022

Hello TBC,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Best Regards
akristof
Staff
September 19, 2022

Hello,

Based on the output, do you have a proxy-policy to your local LAN? This is some kind of "hairpin" proxy, I guess.

TBC
Author
Explorer
September 19, 2022

Hello Adrian,

Thanks for the reply!

I don't really know what you mean, but yes, we have a proxy-policy and the user needs to log in with the AD-User/PWD to get access to the internet, but not for the local intranet:

TBC_0-1663569305302.png

 

What do you mean by "hairpin"?

Many thanks!

TheBob

 

akristof
Staff
September 19, 2022

Hi.

Based on the PAC configuration, traffic to the local server 192.168.190.5 is going via the proxy. And if my assumption is correct, this subnet is behind a different port than wan2? So if it is behind port1 (example), you will also need to have a proxy-policy from explicit-web to port1. By "hairpin" I meant that traffic is coming to the FortiGate from a local port and going back to the local port.
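Added example, not part of the thread: a Node.js harness that runs the PAC logic from the question against constructed sample requests, showing that 192.168.190.5 is handed to the proxy. The `shExpMatch`/`isInNet` stand-ins and the names `postedPac`, `directLanPac` and `trace` are assumptions; `directLanPac` is a hypothetical variant that sends the two internal ranges DIRECT, an alternative to the proxy-policy described above.

```javascript
// Stand-ins for the PAC helpers a browser provides, so the logic runs under Node.js
// (assumption: IP literals only; a real isInNet also resolves hostnames via DNS).
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4 || parts.some(p => !/^\d{1,3}$/.test(p) || +p > 255)) return null;
  return parts.reduce((acc, p) => ((acc << 8) | +p) >>> 0, 0);
}
function isInNet(host, net, mask) {
  const h = ipToInt(host);
  if (h === null) return false;            // hostname: not resolved in this stand-in
  const m = ipToInt(mask);
  return ((h & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}
// The PAC logic as posted in the question.
function postedPac(url, host) {
  if (shExpMatch(url, "*.domain.com/*")) return "DIRECT";
  if (shExpMatch(url, "*domain.com:*/*")) return "DIRECT";
  if (isInNet(host, "192.168.0.0", "255.255.0.0")) return "PROXY proxy.domain.com:8888";
  if (isInNet(host, "10.130.0.0", "255.255.0.0")) return "PROXY proxy.domain.com:8888";
  return "PROXY proxy.domain.com:8888";
}
// Hypothetical variant: the two internal ranges bypass the proxy.
function directLanPac(url, host) {
  if (isInNet(host, "192.168.0.0", "255.255.0.0") ||
      isInNet(host, "10.130.0.0", "255.255.0.0")) return "DIRECT";
  return postedPac(url, host);
}
// Constructed sample requests: [url, host] pairs as a browser would pass them.
function trace(pac) {
  return [["https://192.168.190.5/", "192.168.190.5"],
          ["https://intranet.domain.com/", "intranet.domain.com"],
          ["https://www.example.org/", "www.example.org"]]
    .map(([url, host]) => `${host} -> ${pac(url, host)}`);
}
console.log(trace(postedPac).join("\n"));
console.log(trace(directLanPac).join("\n"));
```

With the DIRECT variant the client connects to the LAN host itself, so that traffic no longer passes through the explicit proxy's authentication or policy.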

Coreywilliams
New Member
September 19, 2022

Type the following commands:
ipconfig /flushdns and press Enter.
ipconfig /registerdns and press Enter.
ipconfig /release and press Enter.
ipconfig /renew and press Enter.

 

The source is here.