FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
A proxy auto-config (PAC) file defines how web browsers can choose a proxy server for receiving HTTP content. PAC files include the FindProxyForURL(url, host) JavaScript function that returns a string with one or more access method specifications. These specifications cause the web browser to use a particular proxy server or to connect directly.

To configure PAC for explicit web proxy users, you can use the port that PAC traffic from client web browsers use to connect to the explicit web proxy. Explicit web proxy users must configure their web browser’s PAC proxy settings to use the PAC port.

PAC File Content

The default PAC file can be editted from the web-based manager, or the following command can be used toupload a custom PAC file:

config web-proxy explicit
set pac-file-server-status enable
set pac-file-data [pac_file_str]

Where [pac_file_str] is the contents of the PAC file. The PAC file text should be entered in quotes. You can copy the contents of a PAC text file and paste the contents into the CLI using this option. Enter the command followed by two sets of quotes then place the cursor between the quotes and paste the file content.

The maximum PAC file size is 256 kbytes. If your FortiGate unit is operating with multiple VDOMs each VDOM has its own PAC file. The total amount of FortiGate memory available to store all of these PAC files is 2 MBytes. If this limit is reached you will not be able to load any additional PAC files.

You can use any PAC file syntax that is supported by your users’s browsers. The FortiGate unit does not parse the PAC file.

To use PAC, users must add an automatic proxy configuration URL (or PAC URL) to their web browser proxy configuration. The default FortiGate PAC file URL is:


Example: If the interface with the explicit web proxy has IP address, the PAC port is the same as the default HTTP explicit web proxy port (8080) and the PAC file name is proxy.pac then the PAC file URL would be:

From the CLI you can use the following command to display the PAC file urls:

get web-proxy explicit