Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
anil_nayak_FTNT
Staff
Staff

Created on ‎01-13-2015 05:00 AM Edited on ‎08-19-2024 04:37 AM By Moderator

Article Id 195055

Technical Tip: Proxy auto-config (PAC) configuration

Description

 
A proxy auto-config (PAC) file defines how web browsers can choose a proxy server for receiving HTTP content. PAC files include the FindProxyForURL(url, host) JavaScript function that returns a string with one or more access method specifications. These specifications cause the web browser to use a particular proxy server or to connect directly.

To configure PAC for explicit web proxy users, you can use the port that PAC traffic from client web browsers use to connect to the explicit web proxy. Explicit web proxy users must configure their web browser’s PAC proxy settings to use the PAC port.


Scope

 

FortiOS. Explicit proxy

 

Solution

 
PAC File Content

The default PAC file can be editted from the web-based manager, or the following command can be used to upload a custom PAC file:
 
config web-proxy explicit
set pac-file-server-status enable
set pac-file-data [pac_file_str]
end

Where [pac_file_str] is the contents of the PAC file. The PAC file text should be entered in quotes. You can copy the contents of a PAC text file and paste the contents into the CLI using this option. Enter the command followed by two sets of quotes then place the cursor between the quotes and paste the file content.

The maximum PAC file size is 256 kbytes. If your FortiGate unit is operating with multiple VDOMs each VDOM has its own PAC file. The total amount of FortiGate memory available to store all of these PAC files is 2 MBytes. If this limit is reached you will not be able to load any additional PAC files.

You can use any PAC file syntax that is supported by your users’s browsers. The FortiGate unit does not parse the PAC file.

To use PAC, users must add an automatic proxy configuration URL (or PAC URL) to their web browser proxy configuration. The default FortiGate PAC file URL is:

http://[interface_ip]:[pac_port_int]/[pac_file_str]

Example: If the interface with the explicit web proxy has IP address 172.20.120.122, the PAC port is the same as the default HTTP explicit web proxy port (8080) and the PAC file name is proxy.pac then the PAC file URL would be:

http://172.20.120.122:8080/proxy.pac

From the CLI, use the following command to display the PAC file urls:

get web-proxy explicit
 

Renaming:

 

The proxy.pac file is saved with this default name on the FortiGate and can be retrieved from the URL above only with this name.

This name can be changed under the proxy settings on FortiGate:


    config web-proxy explicit-proxy

        set pac-file-name {string}

    end

 

On the browser, there is no restriction or limitation related to the name, as long as the files do not have the '.pac' extension.

 

See the CLI reference for more information.

Labels:
27966
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.