This PAC is for Servers, Virtual Desktops, etc. This PAC contains 3 sections:

  • Section 1: Standard values to bypass private IPs, ZPA, etc.
  • Section 2: Selection of variables "tozscaler" and "bypassproxy" and Web traffic Load Balancing per source IP.
  • Section 3: Bypass section. A simple Copy/Paste of the same section on the Bypass PAC for CSC.


PAC for Servers, Virtual Desktops, etc., to duplicate Web traffic to Zscaler.

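/**
 * PAC entry point: decides, per request, whether traffic goes DIRECT, to the
 * Zscaler-bound Cloud Security Connector (CSC) VIPs, or to the CSC bypass proxies.
 *
 * Decision order:
 *   1. DIRECT for plain host names, private / reserved destination IPs, FTP and
 *      the ZPA range.
 *   2. Choose the proxy ordering (A-first or B-first) from the last bit of the
 *      client's own IP address, so that clients spread over both connectors.
 *   3. Hosts on the bypass list use the bypass proxy chain.
 *   4. Everything else uses the Zscaler chain.
 *
 * Every DIRECT or bypass match is traffic that is not sent to Zscaler, so both
 * lists should stay as short and as exact as possible.
 *
 * @param {string} url  Full URL of the request.
 * @param {string} host Host name taken from the URL.
 * @returns {string} A PAC result string ("DIRECT" or a "PROXY a; PROXY b" chain).
 */
function FindProxyForURL(url, host) {

    // Only `var` and ES5 syntax are used here: the original file is written that
    // way, and PAC evaluators are not all modern JavaScript engines.

    // =========================================================
    // Section 1: Zscaler standard PAC values

    var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/;

    // NOTE(review): the bypass decisions below trust the DNS answer seen by the
    // client. A public name that resolves to one of these ranges is sent DIRECT;
    // confirm that this is the intended policy.
    var resolved_ip = dnsResolve(host);

    // A failed lookup may not yield a string; skip the IP-based tests in that
    // case instead of handing a non-string value to isInNet().
    var hasResolvedIp = typeof resolved_ip === "string" && resolved_ip !== "";

    /* Don't send non-FQDN or private IP auths to us */
    if (isPlainHostName(host) ||
        (hasResolvedIp &&
            (isInNet(resolved_ip, "192.0.2.0", "255.255.255.0") || privateIP.test(resolved_ip)))) {
        return "DIRECT";
    }

    /* FTP goes directly */
    if (url.substring(0, 4) === "ftp:") {
        return "DIRECT";
    }

    /* test with ZPA */
    if (hasResolvedIp && isInNet(resolved_ip, "100.64.0.0", "255.255.0.0")) {
        return "DIRECT";
    }

    // =========================================================
    // Section 2: Load Balancing (odd/even source ip): 2 x Cloud Security Connectors
    // Gcloud: 2 Gbps

    // Get NIC IP address. Declared with `var`: the original assignment created
    // an implicit global.
    var nicIp = myIpAddress();

    // Assigning values to "tozscaler" and "bypassproxy".
    // The A-first ordering (used for even source IPs) is also the default, so
    // both variables are always defined. Previously, a source address matching
    // neither mask test (for example a non-IPv4 value from myIpAddress()) left
    // them undefined and the function returned no proxy string at all, which a
    // client may treat as "no proxy" (behaviour varies by client).
    var tozscaler = "PROXY <csc-vip-a>:80; PROXY <csc-vip-b>:80";
    var bypassproxy = "PROXY <csc-bypassproxy-ip-a>:3128; PROXY <csc-bypassproxy-ip-b>:3128";

    // Odd source IPs (last bit set) prefer connector B.
    if (isInNet(nicIp, "0.0.0.1", "0.0.0.1")) {
        tozscaler = "PROXY <csc-vip-b>:80; PROXY <csc-vip-a>:80";
        bypassproxy = "PROXY <csc-bypassproxy-ip-b>:3128; PROXY <csc-bypassproxy-ip-a>:3128";
    }

    // =========================================================
    // Section 3: bypassproxy via Cloud Security Connectors

    // bypassproxy via CSC Public IPs (Examples)
    // Okta Domains (for Location Rules)
    if ((shExpMatch(host, "*.okta.com")) ||
        (shExpMatch(host, "*.oktacdn.com")) ||
        (shExpMatch(host, "*.okta-emea.com")) ||
        (shExpMatch(host, "login.mydomain.com")) ||
        // O365 Domains for ConditionalAccess
        (shExpMatch(host, "login.microsoftonline.com")) ||
        (shExpMatch(host, "login.microsoft.com")) ||
        (shExpMatch(host, "login.windows.net")) ||
        // IP / Port test page
        (shExpMatch(host, "portquiz.net"))) {
        return bypassproxy;
    }

    // =========================================================
    // Section 4: Default Traffic

    /* Default Traffic Forwarding. Forwarding to Zen on port 80, but you can use port 9400 also */
    return tozscaler;
}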