Multiple web proxy PAC files in one VDOM
Proxy auto-config (PAC) files automatically choose the appropriate proxy server for browsers and other user agents. Not every user in an organization has the same proxy server requirements. Supporting multiple PAC files provides granular control. To manage multiple PAC files, you use PAC policies.
This capability is available only when the FortiGate is in Proxy-based inspection mode.
If there is no matching PAC policy (by name), in the PAC policies, the global PAC file is used by default.
To enable Proxy mode:
GUI
- Go to System > Settings.
- In System Operation Settings, set the Inspection Mode to Proxy.
CLI
config system settings
set inspection-mode proxy
end
To configure a PAC policy
config web-proxy explicit
set status enable
set pack-file-server-status enable
config pac-policy
edit <policy ID#>
set srcaddr <name of IPv4 address object>
set srcaddr6 <name of IPv6 address object>
set dstaddr <name of address object>
set pac-file-name <string>
set pac-file-data "<PAC-file>"
end
Option | Description |
---|---|
srcaddr or srcaddr6
|
This address must conform to the following criteria:
It can be either IPv4 or IPv6. |
dstaddr
|
This address must conform to the following criteria:
|
pac-file-name
|
Name of the PAC file. |
pac-file-data
|
Enter the contents of the PAC file enclosed in quotes. It is permissible to use the Return key when entering the contents. Place the closing quote at the end of the last line. If quotes are used within the content of the file, use the escape character \ before the quote. Example: \" |
The pack-file-server-status
setting must be set to enable
in order for the config pac-policy
command to work.