Technical Tip: Configure secure (HTTPS) download of a PAC file

There is a new feature introduced in FortiProxy 7.4.0 version which can be used to configure a secure (HTTPS) download of PAC file from FortiProxy.

Follow these steps to configure it:

1. Generate a server certificate to be used on the FortiProxy for the requests from the client. See Technical Tip: How to generate a self signed server certificate for instructions on how to generate the server certificate.
   
   
2. Configure the captive portal to serve the PAC file:

config authentication setting

set captive-portal-type ip    (fqdn or ip can be used)

set captive-portal-ip 172.31.143.62   (captive portal interface and proxy interface need not be same)

set captive-portal-ssl-port 9090

end

Note: Enable proxy-captive-portal on the interface.

3. Configure the web proxy on FortiProxy:

config web-proxy explicit-proxy

edit web-proxy

set status enable

set interface port3         -----------IP address 172.31.143.62

set http-incoming-port 8080

set pac-file-server-status enable

set pac-file-name "mypacfile.pac"

set pac-file-data "function FindProxyForURL(url, host) { //pacfiletest return \"PROXY 172.31.143.62:8080\"; }

end

4. Configure the end client to fetch the PAC file from FortiProxy as shown below: