FortiProxy
FortiProxy provides enterprise-class protection against internet-borne threats and Advanced Web Content Caching
jcastellanos
Staff
Article Id 334042
Description: This article describes a case in which the PAC file cannot be downloaded from FortiProxy over HTTPS.
Scope: FortiProxy 7.4.X.
Solution

A user may report that the PAC file can be downloaded from FortiProxy over HTTP, but that the download fails over HTTPS.

Verify that the configuration is set correctly:

config web-proxy explicit-proxy
    edit "web-proxy"
        set status enable
        set interface "any"
        set secure-web-proxy disable
        set http enable
        set ftp-over-http enable
        set socks disable
        set http-incoming-port 8080
        set http-connection-mode static
        set https-incoming-port 8080
        set ftp-incoming-port 8080
        set incoming-ip 0.0.0.0
        set ipv6-status disable
        set unknown-http-version best-effort
        set realm "default"
        set sec-default-action deny
        set pac-file-server-status enable
        set pac-file-server-port 8081
        set pac-file-name "mypacfile.pac"  <--
        set pac-file-data "function FindProxyForURL(url, host) {
// testtest
return \"PROXY 10.1.100.1:8080\";
}
"
    next
end

config authentication setting
    set active-auth-scheme ''
    set sso-auth-scheme ''
    set update-time
    set persistent-cookie enable
    set ip-auth-cookie disable
    set cookie-max-age 480
    set cookie-refresh-div 2
    set captive-portal-type fqdn
    set captive-portal "fortiproxy.test.com"  <--
    set captive-portal6 ''
    set cert-auth disable
    set captive-portal-port 7830
    set auth-https enable
    set captive-portal-ssl-port 7831  <---
end

 

Test the download over HTTPS with curl; the connection fails:

C:\Users\new>curl https://fortiproxy.test.com:7831/mypacfile.pac -kv
* Trying 192.168.150.20:7831...
* Connected to fortiproxy.test.com (192.168.15.20) port 7831
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server did not agree on a protocol. Uses default.
* using HTTP/1.x
> GET /mypacfile.pac HTTP/1.1
> Host: fortiproxy.test.com:7831
> User-Agent: curl/8.4.0
> Accept: */*
>
* schannel: server closed abruptly (missing close_notify)
* Closing connection
* schannel: shutting down SSL/TLS connection with fortiproxy.test.com port 7831
curl: (56) Failure when receiving data from the peer

 

Each connection attempt triggers a WAD crash, which is visible when running 'diagnose debug crashlog read' on the FortiProxy:

 

 <05860> firmware FortiProxy v7.4.4,build0603b0603,240507 (GA.F) (Release)
 <05860> application wad
 <05860> *** signal 11 (Segmentation fault) received ***
<05860> [0x0106a310] => /bin/wad => wad_http_req_handle_special + 0x0540 => /code/daemon/wad/http/wad_http_engine.c:14830 (discriminator 1)


The issue is associated with bug ID 1038453, which is resolved after FortiProxy version 7.4.5.
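
To check saved 'diagnose debug crashlog read' output for the crash signature shown above (application wad, signal 11, frame wad_http_req_handle_special), the records can be matched mechanically. The Python script below is an added example, not Fortinet code; the function names, the tolerance for a prefix before the <pid> field, and the second sample record (PID 01234, application "exampled") are assumptions constructed for illustration.

```python
import re

# Constructed sample: the four crashlog lines from this article, plus one
# unrelated record (PID 01234, hypothetical daemon "exampled") that must not match.
SAMPLE_CRASHLOG = """\
 <05860> firmware FortiProxy v7.4.4,build0603b0603,240507 (GA.F) (Release)
 <05860> application wad
 <05860> *** signal 11 (Segmentation fault) received ***
<05860> [0x0106a310] => /bin/wad => wad_http_req_handle_special + 0x0540 => /code/daemon/wad/http/wad_http_engine.c:14830 (discriminator 1)
<01234> firmware FortiProxy v7.4.4,build0603b0603,240507 (GA.F) (Release)
<01234> application exampled
<01234> *** signal 6 (Aborted) received ***
"""

LINE_RE = re.compile(r"<(\d+)>\s+(.*)$")  # "<pid> message"; any text before it is ignored
FIRMWARE_RE = re.compile(r"firmware\s+(\S+)\s+v([\d.]+),(build\w+)")
SIGNAL_RE = re.compile(r"\*\*\* signal (\d+) \(([^)]+)\) received")
FRAME_RE = re.compile(r"=>\s+(\w+)\s+\+\s+0x[0-9a-fA-F]+")  # "=> symbol + 0xoffset"


def parse_crashlog(text):
    """Group crashlog lines by PID into one record per crashed process."""
    records = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        rec = records.setdefault(pid, {"pid": pid, "frames": []})
        if fw := FIRMWARE_RE.search(msg):
            rec["product"], rec["version"], rec["build"] = fw.groups()
        elif msg.startswith("application "):
            rec["application"] = msg.split(None, 1)[1].strip()
        elif sig := SIGNAL_RE.search(msg):
            rec["signal"] = int(sig.group(1))
        elif fr := FRAME_RE.search(msg):
            rec["frames"].append(fr.group(1))
    return list(records.values())


def matches_pac_https_crash(rec):
    """True when a record carries the signature shown in this article."""
    return (rec.get("application") == "wad" and rec.get("signal") == 11
            and "wad_http_req_handle_special" in rec["frames"])


if __name__ == "__main__":
    for rec in filter(matches_pac_https_crash, parse_crashlog(SAMPLE_CRASHLOG)):
        print(rec["pid"], rec["version"], rec["build"], "wad segfault matches")
```

A match only confirms that the crash looks like the one in this article; whether the fix for bug ID 1038453 is present still depends on the installed firmware version.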

 

Related article:

Technical Tip: Configure secure (HTTPS) download of a PAC file