Multiple web proxy PAC files in one VDOM

6.0.0

Proxy auto-config (PAC) files automatically choose the appropriate proxy server for browsers and other user agents. Not every user in an organization has the same proxy server requirements. Supporting multiple PAC files provides granular control. To manage multiple PAC files, you use PAC policies.

This capability is available only when the FortiGate is in Proxy-based inspection mode.

If no PAC policy matches (by name), the global PAC file is used by default.

To enable Proxy mode:

GUI
  1. Go to System > Settings.
  2. In System Operation Settings, set the Inspection Mode to Proxy.

CLI

config system settings
    set inspection-mode proxy
end

To configure a PAC policy:

config web-proxy explicit
    set status enable
    set pac-file-server-status enable
    config pac-policy
        edit <policy ID#>
            set srcaddr <name of IPv4 address object>
            set srcaddr6 <name of IPv6 address object>
            set dstaddr <name of address object>
            set pac-file-name <string>
            set pac-file-data "<PAC-file>"
        next
    end
end

Option                 Description

srcaddr or srcaddr6    This address must conform to the following criteria:
                         • a range, mask or wildcard mask type of address or address group
                         • source type proxy-address or group
                       It can be either IPv4 or IPv6.

dstaddr                This address must conform to the following criteria:
                         • a range, mask or wildcard type of address or address group
                         • it must be resolved as the FortiGate address

pac-file-name          Name of the PAC file.

pac-file-data          Enter the contents of the PAC file enclosed in quotes. It is permissible to use the Return key when entering the contents. Place the closing quote at the end of the last line. If quotes are used within the content of the file, use the escape character \ before the quote. Example: \"

The pac-file-server-status setting must be set to enable for the config pac-policy command to work.
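
An added example (not part of the Fortinet documentation): a Python helper that applies the quote-escaping rule for pac-file-data, checks every proxy the PAC file names against an allowlist before it is pushed, and renders the config pac-policy stanza. The sample PAC file, address object names, file name and proxy host are constructed placeholders; the helper rejects backslashes because the page documents only the \" escape.

```python
import re

# Constructed sample PAC file (not from the page); the proxy host is a placeholder.
SAMPLE_PAC = '''function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  return "PROXY proxy.example.internal:8080";
}'''

def proxies_in_pac(pac_text):
    """Return the sorted host:port targets named in PROXY directives."""
    return sorted(set(re.findall(r'\bPROXY\s+([A-Za-z0-9.\-]+:\d+)', pac_text)))

def escape_pac_for_cli(pac_text):
    """Escape PAC text for use inside the quoted pac-file-data value."""
    if "FindProxyForURL" not in pac_text:
        raise ValueError("not a PAC file: FindProxyForURL is missing")
    if "\\" in pac_text:
        # Only the \" escape is documented on the page; refuse ambiguous input.
        raise ValueError("backslash in PAC text; review by hand")
    return pac_text.replace('"', '\\"')

def build_pac_policy(policy_id, srcaddr, dstaddr, name, pac_text, allowed_proxies):
    """Render the CLI stanza after checking each proxy against an allowlist."""
    unexpected = [p for p in proxies_in_pac(pac_text) if p not in allowed_proxies]
    if unexpected:
        raise ValueError("PAC names unapproved proxies: " + ", ".join(unexpected))
    return "\n".join([
        "config web-proxy explicit",
        "    set status enable",
        "    set pac-file-server-status enable",
        "    config pac-policy",
        "        edit %d" % policy_id,
        "            set srcaddr %s" % srcaddr,
        "            set dstaddr %s" % dstaddr,
        "            set pac-file-name %s" % name,
        '            set pac-file-data "%s"' % escape_pac_for_cli(pac_text),
        "        next",
        "    end",
        "end",
    ])

if __name__ == "__main__":
    # Address object names and file name below are hypothetical.
    print(build_pac_policy(1, "branch-users", "fgt-proxy-addr", "branch.pac",
                           SAMPLE_PAC, {"proxy.example.internal:8080"}))
```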
