In this example, the PAC file for your devices is divided into sections:


    1. Section 1 contains the standard values of any Zscaler PAC file.


    2. Section 2 contains the assignment of IPs for the variables "tozscaler" and "bypassproxy". Section 2 shows a simple way to do a Load Balance per Source IP (odd/even) to use both CSC simultaneously for Web Traffic. In Section 2, you need to replace csc1vip, csc1bypass, csc2vip and csc2bypass for the IP values taken from the CSC console.


    3. Section 3 contains the list of Domains to proxy bypass.


    4. Section 4 contains the line for default traffic to Zscaler.


function FindProxyForURL(url, host) {

    // =========================================================

    // Section 1: Zscaler standard PAC values


    var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/;

    var resolved_ip = dnsResolve(host);


    /* Don't send non-FQDN or private IP auths to us */

    if (isPlainHostName(host) || isInNet(resolved_ip, "192.0.2.0", "255.255.255.0") || privateIP.test(resolved_ip))

        return "DIRECT";


    /* FTP goes directly */

    if (url.substring(0, 4) == "ftp:")

        return "DIRECT";


    /* test with ZPA */

    if (isInNet(resolved_ip, "100.64.0.0", "255.255.0.0"))

        return "DIRECT";


    // =========================================================

    // Section 2: Load Balancing: 2 x Cloud Security Connectors Multiplex 1 Gbps

    // AWS to Zscaler: 2 Gbps


    // Get NIC IP address       

    nicIp = myIpAddress();


    // Assigning values to "tozscaler" and "bypass"

    if (isInNet(nicIp, "0.0.0.0", "0.0.0.1")) {

        var tozscaler = "PROXY csc1vip:80; PROXY csc2vip:80";

        var bypassproxy = "PROXY csc1bypass:3128; PROXY csc2bypass:3128";

    }


    if (isInNet(nicIp, "0.0.0.1", "0.0.0.1")) {

        var tozscaler = "PROXY csc2vip:80; PROXY csc1vip:80";

        var bypassproxy = "PROXY csc2bypass:3128; PROXY csc1bypass:3128";

    }


    // =========================================================

    // Section 3: Bypass via Cloud Security Connectors


    // Bypass via CSC Public IPs (Examples)

    // Okta Domains (for Location Rules)

    if ((shExpMatch(host, "*.okta.com")) ||

        (shExpMatch(host, "*.oktacdn.com")) ||

        (shExpMatch(host, "*.okta-emea.com")) ||

        (shExpMatch(host, "login.mydomain.com")) ||

        // O365 Domains for ConditionalAccess

        (shExpMatch(host, "login.microsoftonline.com")) ||

        (shExpMatch(host, "login.microsoft.com")) ||

        (shExpMatch(host, "login.windows.net")) ||

        // IP / Port test page

        (shExpMatch(host, "portquiz.net"))) {

        return bypassproxy

    }

    // =========================================================

    // Section 4: Default Traffic


    /* Default Traffic Forwarding. Forwarding to Zen on port 80, but you can use port 9400 also */

    return tozscaler

}