Description
This article describes how to configure the proxy auto-config (PAC) file in FortiGate firewall to bypass the traffic through explicit proxy
Scope
A proxy auto-configuration (PAC) file is a text file that instructs a browser to forward traffic to a proxy server, instead of directly to the destination server. It contains JavaScript that specifies the proxy server and optionally, additional parameters that specify when and under what circumstances a browser forwards traffic to the proxy server. For example, a PAC file can specify on what days of the week or what hours of the day traffic is sent to a proxy, or for which domains and URLs traffic is not sent to a proxy.
Solution
GUI syntax:
- Go to Network -> Explicit proxy -> Enable [ proxy auto-config (PAC) ].
- Edit the PAC file content as required and apply it.
Sample PAC file code:
function FindProxyForURL(url, host) {
// the local URLs from the domains below example.com do not need a proxy:
if (shExpMatch(url,"*.example.com/*")) {return "DIRECT";} - based the domain through proxy
if (isInNet(host, "172.31.135.180", "255.255.255.255")) {return "DIRECT";} // - based the server IP through proxy
// All other requests go through port 8080 of proxy.example.com.
return "PROXY example.com:8087; DIRECT"; // <--- make sure that the domain should resolve to proxy IP address
return "DIRECT";
}-
// the local URLs from the domains below example.com do not need a proxy:
if (shExpMatch(url,"*.example.com/*")) {return "DIRECT";} - based the domain through proxy
if (isInNet(host, "172.31.135.180", "255.255.255.255")) {return "DIRECT";} // - based the server IP through proxy
// All other requests go through port 8080 of proxy.example.com.
return "PROXY example.com:8087; DIRECT"; // <--- make sure that the domain should resolve to proxy IP address
return "DIRECT";
}-
Configure the PAC file setting on client browser.
Result:
- The local server 172.31.135.180 traffic is bypassed by explicit proxy.
- The traffic is blocked by the explicit proxy.
