Article Id 280788
Description This article describes how to configure a secure (HTTPS) download of a PAC file from FortiProxy.
Scope FortiProxy.

FortiProxy 7.4.0 introduces a feature that allows the PAC file to be downloaded securely (over HTTPS) from FortiProxy.


Follow these steps to configure it:


  1. Generate a server certificate to be used on the FortiProxy for the requests from the client. See Technical Tip: How to generate a self signed server certificate for instructions on how to generate the server certificate.

  2. Configure the captive portal to serve the PAC file:

config authentication setting
    set captive-portal-type ip    (fqdn or ip can be used)
    set captive-portal-ip   (captive portal interface and proxy interface need not be the same)
    set captive-portal-ssl-port 9090
end


Note: Enable proxy-captive-portal on the interface.


  3. Configure the web proxy on FortiProxy:

config web-proxy explicit-proxy
    edit web-proxy
        set status enable
        set interface port3    (IP address)
        set http-incoming-port 8080
        set pac-file-server-status enable
        set pac-file-name "mypacfile.pac"
        set pac-file-data "function FindProxyForURL(url, host) {
//pacfiletest
return \"PROXY\";
}"
    next
end



  4. Configure the end client to fetch the PAC file from FortiProxy as shown below:
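
The following lint is an added example, not part of the original article or of any Fortinet tooling: it checks a PAC script before it is pasted into pac-file-data in step 3, catching a // comment that swallows the rest of a one-line script and a return value that lacks host:port. The names lintPac and PAC_HELPERS and the address 192.0.2.10 are constructed for illustration.

```javascript
// Added example: lint a PAC script before pasting it into `set pac-file-data`.
// lintPac, PAC_HELPERS and the address 192.0.2.10 are constructed for illustration.
// It evaluates the script, so run it only on PAC text you wrote yourself.

// Minimal stand-ins for PAC built-ins a script may call; extend as needed.
const PAC_HELPERS = {
  isPlainHostName: (host) => !host.includes('.'),
  dnsDomainIs: (host, domain) => host.endsWith(domain),
  shExpMatch: (str, glob) => new RegExp('^' + glob
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.') + '$').test(str),
};

// One directive: DIRECT, or a proxy keyword followed by host:port.
const DIRECTIVE = /^(DIRECT|(PROXY|HTTPS|SOCKS|SOCKS4|SOCKS5)\s+[A-Za-z0-9.-]+:\d{1,5})$/;

function lintPac(source, url, host) {
  const names = Object.keys(PAC_HELPERS);
  let find;
  try {
    // Compile in a function scope and hand back the entry point, if defined.
    find = new Function(...names, source +
      '\n;return typeof FindProxyForURL === "function" ? FindProxyForURL : null;'
    )(...names.map((n) => PAC_HELPERS[n]));
  } catch (err) {
    return { ok: false, reason: 'syntax' }; // e.g. "}" swallowed by a // comment
  }
  if (!find) return { ok: false, reason: 'no-entry-point' };
  let result;
  try { result = find(url, host); } catch (err) { return { ok: false, reason: 'runtime' }; }
  if (typeof result !== 'string') return { ok: false, reason: 'no-return-value' };
  const parts = result.split(';').map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0 || !parts.every((p) => DIRECTIVE.test(p))) {
    return { ok: false, reason: 'bad-directive', result };
  }
  return { ok: true, result };
}

// Constructed samples: the script collapsed onto one line, the same script with
// its line breaks but no host:port, and a complete one.
const FLATTENED = 'function FindProxyForURL(url, host) { //pacfiletest return "PROXY"; }';
const NO_ENDPOINT = 'function FindProxyForURL(url, host) {\n//pacfiletest\nreturn "PROXY";\n}';
const COMPLETE = 'function FindProxyForURL(url, host) {\n' +
  '  if (isPlainHostName(host)) return "DIRECT";\n' +
  '  return "PROXY 192.0.2.10:8080; DIRECT";\n}';

for (const [name, src] of Object.entries({ FLATTENED, NO_ENDPOINT, COMPLETE })) {
  console.log(name, JSON.stringify(lintPac(src, 'http://example.com/', 'example.com')));
}
```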