An external proxy is a proxy that exists between the client machine and the PCS device and is set in the browser. There are a few ways to configure a proxy within the browser so that it will work to proxy connections when establishing a secure session with the PCS device.
Sample network drawing
Supported external proxy configurations
Proxy options for Internet Explorer:
- Manual proxy configuration OR
- Automatic proxy configuration URL (proxy.pac and wpad.dat)
Proxy options for Firefox and Mozilla:
- Manual proxy configuration OR
- Automatic proxy configuration URL (proxy.pac and wpad.dat)
Proxy options for Safari:
- FTP, Web, Secure Web, Streaming, SOCKS, or Gopher proxies (manual proxies) OR
- Automatic proxy configuration URL (proxy.pac and wpad.dat)
IMPORTANT: "Automatically detect" settings in Internet Explorer and "Auto-detect proxy settings for this network" in Firefox options ARE NOT supported with VPN tunneling. VPN tunneling only supports the use of a PAC file URL or manually defined proxy server.
PAC modifications
- To insure that clients configured with a proxy auto configuration URL in the browser that should take priority over the proxy configuration in the VPN connection profile, select the option to "Preserve client proxy settings" in the VPN connection profile.
- For clients that have a PAC file URL configured in the browser but also require different proxy configuration after connecting to the VPN, a different PAC file URL should be specified in the VPN connection profile.
- When a client connects with VPN tunneling with both client and server proxy configuration, the proxy logic is merged to a file called instantproxy.pac and is saved locally on the client PC and used for the VPN tunneling session.
- The merged instantproxy.pac file URL on the client PC is referenced with a loopback address, dedicated port and a pointer to the instantproxy.pac file as per the example below:.
http://127.0.0.1:34841/instantproxy.pac
- When the user disconnects from VPN tunneling, the original proxy configuration is restored on the client PC.
Table showing instantproxy.pac file entries:
Are connections to the
PCS device proxied? | Split Tunneling Option |
Proxy statement added
to the instantproxy.pac file
|
|---|
| Yes | Disabled |
function FindProxyForURL(url, host) {
if (expMatch(“IVEhost”, host)
return “PROXY external_proxy”;
else return “DIRECT”; } }
|
| No | Disabled |
function FindProxyForURL(url, host) {
return “DIRECT”;
}
|
| Yes | Enabled |
function FindProxyForURL(url, host) {
if (expMatch(“IVEhost”, host)
return “PROXY external_proxy”;
else if (isInNet(“split tunnel policy”)
return “DIRECT”;
else return “PROXY external_proxy”;
}
|
| No | Enabled |
function FindProxyForURL(url, host) {
if (expMatch(“IVEhost”, host)
return “DIRECT”;
else if (isInNet(“split tunnel policy”)
return “DIRECT”;
else return “PROXY external_proxy”;
}
|
| Yes | Disabled with access to local subnet |
function FindProxyForURL(url, host) {
if (expMatch(“IVEhost”, host)
return “PROXY external_proxy”;
else if (isInNet(“local subnet”)
return “PROXY external_proxy”;
else return “DIRECT”;
}
|
| No | Disabled with access to local subnet |
function FindProxyForURL(url, host) {
if (expMatch(“IVEhost”, host)
return “DIRECT”;
else if (isInNet(“local subnet”)
return “PROXY external_proxy”;
else return “DIRECT”;
}
|
IMPORTANT: "Automatically detect" settings in Internet Explorer and "Auto-detect proxy settings for this network" in Firefox options ARE NOT supported with VPN tunneling. VPN tunneling only supports the use of a PAC file URL or manually defined proxy server.