In this example, the PAC file for your devices is divided into sections:
1. Section 1 contains the standard values of any Zscaler PAC file.
2. Section 2 contains the assignment of IPs for the variables "tozscaler" and "bypassproxy". Section 2 shows a simple way to do a Load Balance per Source IP (odd/even) to use both CSC simultaneously for Web Traffic. In Section 2, you need to replace csc1vip, csc1bypass, csc2vip and csc2bypass for the IP values taken from the CSC console.
3. Section 3 contains the list of Domains to proxy bypass.
4. Section 4 contains the line for default traffic to Zscaler.
function FindProxyForURL(url, host) { // ========================================================= // Section 1: Zscaler standard PAC values var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/; var resolved_ip = dnsResolve(host); /* Don't send non-FQDN or private IP auths to us */ if (isPlainHostName(host) || isInNet(resolved_ip, "192.0.2.0", "255.255.255.0") || privateIP.test(resolved_ip)) return "DIRECT"; /* FTP goes directly */ if (url.substring(0, 4) == "ftp:") return "DIRECT"; /* test with ZPA */ if (isInNet(resolved_ip, "100.64.0.0", "255.255.0.0")) return "DIRECT"; // ========================================================= // Section 2: Load Balancing: 2 x CSC Mux 8 // AWS to Zscaler: 16 Gbps // Get NIC IP address nicIp = myIpAddress(); // Assigning values to "tozscaler" and "bypass" if (isInNet(nicIp, "0.0.0.0", "0.0.0.1")) { var tozscaler = "PROXY csc1vip:80; PROXY csc2vip:80"; var bypassproxy = "PROXY csc1bypass:3128; PROXY csc2bypass:3128"; } if (isInNet(nicIp, "0.0.0.1", "0.0.0.1")) { var tozscaler = "PROXY csc2vip:80; PROXY csc1vip:80"; var bypassproxy = "PROXY csc2bypass:3128; PROXY csc1bypass:3128"; } // ========================================================= // Section 3: Bypass via Cloud Security Connectors // Bypass via CSC Public IPs (Examples) // Okta Domains (for Location Rules) if ((shExpMatch(host, "*.okta.com")) || (shExpMatch(host, "*.oktacdn.com")) || (shExpMatch(host, "*.okta-emea.com")) || (shExpMatch(host, "login.mydomain.com")) || // O365 Domains for ConditionalAccess (shExpMatch(host, "login.microsoftonline.com")) || (shExpMatch(host, "login.microsoft.com")) || (shExpMatch(host, "login.windows.net")) || // IP / Port test page (shExpMatch(host, "portquiz.net"))) { return bypassproxy } // ========================================================= // Section 4: Default Traffic /* Default Traffic Forwarding. Forwarding to Zen on port 80, but you can use port 9400 also */ return tozscaler } |