ProxySG & Advanced Secure Gateway

 View Only
  • 1.  Redirect HTTP traffic from local users towards Domain controller to ProxySG using PAC file

    Posted Nov 20, 2020 12:39 PM
    Hello Everyone,

    I hope you are doing well.
    Local users resolving the private IP address of domain controller but the web URL of the domain mapped to public IP, so if any user browse http://mydomain.com it will not work.

    I configured CPL policy and ready to use. I try in the PAC file to redirect HTTP traffic destined to domain controller to be send to our proxy but it did not work.

    If I remove the PAC file from browser setting and use proxy server details, it works.

    Can you please help me with the correct syntax in the PAC file?, currently in PAC all traffic destined to private IP addresses and URLs are returned with direct action


  • 2.  RE: Redirect HTTP traffic from local users towards Domain controller to ProxySG using PAC file

    Broadcom Employee
    Posted Nov 20, 2020 02:50 PM
    Hi Mohammad,

    I think something like

    if (shExpMatch(host, "*.mydomain.com"))
           return "PROXY your.proxy.url:8080";

    could work to send that domain to the ProxySG. Having that syntax toward the beginning ensures another PAC rule isn't being hit and sending it direct.

    If you need more PAC file examples, This KB gives an example of PAC file to send to WSS. I have also personally found both Wikipedia's and Mozilla's Proxy auto-config pages to be great resources with lots of PAC file examples. <Obligatory, those sites aren't maintained by Broadcom disclaimer>

    Hope that helps!


  • 3.  RE: Redirect HTTP traffic from local users towards Domain controller to ProxySG using PAC file

    Posted Nov 20, 2020 02:57 PM
      |   view attached
    Hi jacob, 

    Thank you for your reply, actually I need only HTTP and HTTPs traffic to send to proxy, and any other traffic destined to domain controllers to bypassed.

    I have upload sample of PAC file I created for this request.

    I have another rule sending traffic direct and I put the rule for HTTP traffic before the direct rule.

    Appreciate your help.

    Attachment(s)

    txt
    PAC Sample.txt   741 B 1 version


  • 4.  RE: Redirect HTTP traffic from local users towards Domain controller to ProxySG using PAC file

    Broadcom Employee
    Posted Nov 20, 2020 03:20 PM
    Edited by Jacob Miles Nov 20, 2020 03:26 PM
    Hi Mohammad,

    Maybe we are both missing something, but from what I can see, I would expect that first rule to match. 

    From what you have mentioned before, when you put the ProxySG in the proxy settings in the browser, it works just fine. From that, we know that
    1) The ProxySG is configured correctly
    2) The client machine can reach the ProxySG

    In testing the ProxySG connection, if you didn't test using srvproxy:8558 in the browser proxy settings, then I would test that. It could be that the PAC file is working, but that the DNS is failing to resolve srvproxy hostname

    Another thing to consider is that if the connection is slow between the client and the Proxy, that could be an issue. Different browsers have different timeout period before they try the next route listed (in your case DIRECT). The fastest I have seen is 3 seconds, so I wouldn't expect a 1 second delay to cause this.

    Outside of the above, I would look into where you PAC file is being hosted, and investigate in that direction. Maybe see if you have better results using 'host' implementation of shExpMatch instead of url? I just don't see why what you have shouldn't work.

    I'm afraid I'm probably not much help at this point, as I don't see anything glaringly wrong with the PAC file, and we've established you can reach the ProxySG without it. 

    Hope that helps!




  • 5.  RE: Redirect HTTP traffic from local users towards Domain controller to ProxySG using PAC file

    Posted Nov 20, 2020 04:18 PM
    Thank you Jacob for your support, I will check and update if it works


  • 6.  RE: Redirect HTTP traffic from local users towards Domain controller to ProxySG using PAC file

    Posted Nov 20, 2020 04:49 PM
      |   view attached
    Apologies Jacob, I noticed the sample PAC is not accurate, for host (*.mydomain) it should be DIRECT not return to proxy.

    if (
    shExpMatch(host, "*.mydomain"))
    return "DIRECT";

    I uploaded the PAC file again, with this rule any possibility that it could affect redirecting HTTP traffic .

    Attachment(s)

    txt
    PAC Sample.txt   720 B 1 version