Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

HTTPS download of PAC files for explicit proxy 7.2.1

Proxy auto-config (PAC) files can be downloaded for an explicit proxy through the FortiGate's captive portal using HTTPS to ensure a secure download.

Example

In this example, a Windows PC has an HTTPS URL configured in its proxy settings to download a PAC file from a FortiGate by using a download link, https://cp.myqalab.local:7831/proxy.pac, through a captive portal. Once the PAC file is securely downloaded using HTTPS, browsers installed on the PC can use the proxy in the PAC file to visit a website.

The global web proxy settings must be configured to use a customized SSL certificate because the default Fortinet_Factory certificate will not be accepted by Windows due to security restrictions. The customized SSL certificate is used as the HTTPS server's certificate on the FortiGate. All CA certificates in the server certificate must be installed and trusted on the Windows PC.

To download a PAC file using HTTPS:
  1. Configure the explicit web proxy to get a PAC file through HTTPS:

    config web-proxy explicit
        set pac-file-server-status enable
        unset pac-file-server-port
        set pac-file-name "proxy.pac"
        set pac-file-data "function FindProxyForURL(url, host) {
       // testtest
       return \"PROXY 10.1.100.1:8080\";
    }
    "
        set pac-file-through-https enable
    end
  2. Configure the captive portal to be used as an HTTPS server to provide the service to download the PAC file:

    config authentication setting
        set captive-portal-type ip
        set captive-portal-ip 10.1.100.1
        set captive-portal-ssl-port 7831
    end
  3. Configure the global web proxy settings to use a customized SSL certificate:

    config web-proxy global
        set ssl-cert "server_cert"
    end
  4. On the Windows PC, go to Settings > Network & Internet > Proxy.

  5. In the Automatic proxy setup section, click Save to trigger the PAC file download from the HTTPS URL.

HTTPS download of PAC files for explicit proxy 7.2.1

Proxy auto-config (PAC) files can be downloaded for an explicit proxy through the FortiGate's captive portal using HTTPS to ensure a secure download.

Example

In this example, a Windows PC has an HTTPS URL configured in its proxy settings to download a PAC file from a FortiGate by using a download link, https://cp.myqalab.local:7831/proxy.pac, through a captive portal. Once the PAC file is securely downloaded using HTTPS, browsers installed on the PC can use the proxy in the PAC file to visit a website.

The global web proxy settings must be configured to use a customized SSL certificate because the default Fortinet_Factory certificate will not be accepted by Windows due to security restrictions. The customized SSL certificate is used as the HTTPS server's certificate on the FortiGate. All CA certificates in the server certificate must be installed and trusted on the Windows PC.

To download a PAC file using HTTPS:
  1. Configure the explicit web proxy to get a PAC file through HTTPS:

    config web-proxy explicit
        set pac-file-server-status enable
        unset pac-file-server-port
        set pac-file-name "proxy.pac"
        set pac-file-data "function FindProxyForURL(url, host) {
       // testtest
       return \"PROXY 10.1.100.1:8080\";
    }
    "
        set pac-file-through-https enable
    end
  2. Configure the captive portal to be used as an HTTPS server to provide the service to download the PAC file:

    config authentication setting
        set captive-portal-type ip
        set captive-portal-ip 10.1.100.1
        set captive-portal-ssl-port 7831
    end
  3. Configure the global web proxy settings to use a customized SSL certificate:

    config web-proxy global
        set ssl-cert "server_cert"
    end
  4. On the Windows PC, go to Settings > Network & Internet > Proxy.

  5. In the Automatic proxy setup section, click Save to trigger the PAC file download from the HTTPS URL.