This PAC file is for devices.
- Section 1 contains the standard rules that send private networks, non-FQDN hosts and FTP DIRECT.
- Section 2 contains the definition of the variables "tonetskope" and "bypassproxy". Some examples are shown below.
- Section 3 contains the destinations that are sent via the bypass proxy.
Examples of variables definition.
(Note: The Full PAC files are attached at the bottom of this article)
Example 1: Only one CSC in the organization. In this case, if "172.19.0.61" and "172.19.0.62" are reachable, the device will use the CSC. If not, the device will go DIRECT, which means that traffic does not pass through the CSC.
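// =========================================================
// Section 2: Define Variables
// One statement per line: when the snippet is kept on a single line, the
// leading "//" turns both declarations into comment text and nothing is
// defined.
//
// Both chains end in DIRECT, so they fail open: when 172.19.0.61 /
// 172.19.0.62 cannot be reached, the client connects straight to the
// destination and the traffic does not pass through the CSC. Drop
// "; DIRECT" if the organization needs these paths to fail closed.
var tonetskope = "PROXY 172.19.0.61:80; DIRECT";
var bypassproxy = "PROXY 172.19.0.62:3128; DIRECT";
// =========================================================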
Example 2: Three CSCs in the organization. CSC A receives communications from internal network 10.1.0.0/16, CSC B receives communications from internal network 10.2.0.0/16, and CSC C receives communications from internal networks 10.3.0.0/16 and 192.168.0.0/24. Each CSC acts as a backup for the others.
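// =========================================================
// Section 2: Define Variables
// One statement per line: on a single line the leading "//" would comment
// out everything that follows. `var` is kept because PAC scripts may be
// evaluated by legacy JavaScript engines.

// Users off Corporate Network. (Direct to Internet)
// These defaults apply whenever none of the subnet checks below match, so
// such clients do not use any CSC.
var tonetskope = "DIRECT";
var bypassproxy = "DIRECT";

/* Another option for "bypassproxy". If you are using Netskope Private
   Access, you can reach "bypassproxy" destinations using the Company
   Public IPs even if you are OFF Network */
// Here the setting:
// var bypassproxy = "PROXY <csc-bypass-A>:3128; PROXY <csc-bypass-B>:3128; PROXY <csc-bypass-C>:3128;DIRECT";

// Read the client address once instead of once per subnet test.
// NOTE(review): myIpAddress() may return the address of a different
// interface (VPN, second adapter) or a loopback address on multi-homed
// hosts; in that case no branch matches and the DIRECT defaults above are
// used. Confirm on the client platforms in scope.
var clientIp = myIpAddress();

// The on-network chains below contain no DIRECT entry: if all three CSCs
// are unreachable the request fails instead of leaving unproxied.
if (isInNet(clientIp, "10.1.0.0", "255.255.0.0")) {
  // User at Network 10.1.0.0/16 -> CSC A Primary
  tonetskope = "PROXY <csc-vip-A>:80; PROXY <csc-vip-B>:80; PROXY <csc-vip-C>:80";
  bypassproxy = "PROXY <csc-bypass-A>:3128; PROXY <csc-bypass-B>:3128; PROXY <csc-bypass-C>:3128";
} else if (isInNet(clientIp, "10.2.0.0", "255.255.0.0")) {
  // User at Network 10.2.0.0/16 -> CSC B Primary
  tonetskope = "PROXY <csc-vip-B>:80; PROXY <csc-vip-A>:80; PROXY <csc-vip-C>:80";
  bypassproxy = "PROXY <csc-bypass-B>:3128; PROXY <csc-bypass-A>:3128; PROXY <csc-bypass-C>:3128";
} else if (
  isInNet(clientIp, "10.3.0.0", "255.255.0.0") ||
  isInNet(clientIp, "192.168.0.0", "255.255.255.0")
) {
  // User at Network 10.3.0.0/16 and 192.168.0.0/24 -> CSC C Primary
  tonetskope = "PROXY <csc-vip-C>:80; PROXY <csc-vip-B>:80; PROXY <csc-vip-A>:80";
  bypassproxy = "PROXY <csc-bypass-C>:3128; PROXY <csc-bypass-B>:3128; PROXY <csc-bypass-A>:3128";
}
// =========================================================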
Full PAC file Example 1.
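/**
 * PAC entry point (Example 1: a single CSC).
 *
 * @param {string} url  Full URL being requested.
 * @param {string} host Host name taken from the URL.
 * @returns {string} "DIRECT", the bypass proxy chain, or the default
 *   proxy chain.
 */
function FindProxyForURL(url, host) {
  // =========================================================
  // Section 1: Standard PAC values
  var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/;

  /* Don't send non-FQDN hosts to the proxy. Checked before any DNS lookup
     so plain host names never trigger dnsResolve(). */
  if (isPlainHostName(host)) {
    return "DIRECT";
  }

  /* FTP goes directly */
  if (url.substring(0, 4) === "ftp:") {
    return "DIRECT";
  }

  /* Don't send private or 192.0.2.0/24 destinations to the proxy.
     The decision uses the address returned by the client's resolver, so
     any name that resolves into these ranges is sent DIRECT. A failed
     lookup yields no address; the request then continues to Sections 3/4. */
  var resolvedIp = dnsResolve(host);
  if (
    resolvedIp &&
    (isInNet(resolvedIp, "192.0.2.0", "255.255.255.0") || privateIP.test(resolvedIp))
  ) {
    return "DIRECT";
  }

  // =========================================================
  // Section 2: Define Variables
  // Both chains end in DIRECT (fail open): if the CSC is unreachable the
  // client connects straight to the destination, without the CSC.
  var tonetskope = "PROXY 172.19.0.61:80; DIRECT";
  var bypassproxy = "PROXY 172.19.0.62:3128; DIRECT";

  // =========================================================
  // Section 3: bypassproxy via Cloud Security Connectors
  // bypassproxy via CSC Public IPs (Examples)
  // The patterns contain no wildcards, so only these exact host names match.
  if (
    // O365 Domains for ConditionalAccess
    shExpMatch(host, "login.microsoftonline.com") ||
    shExpMatch(host, "login.microsoft.com") ||
    shExpMatch(host, "login.windows.net") ||
    // IP / Port test page
    shExpMatch(host, "portquiz.net")
  ) {
    return bypassproxy;
  }

  // =========================================================
  // Section 4: Default Traffic
  // Default Traffic Forwarding.
  return tonetskope;
}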
Full PAC Example 2:
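/**
 * PAC entry point (Example 2: three CSCs, primary chosen by client subnet).
 *
 * @param {string} url  Full URL being requested.
 * @param {string} host Host name taken from the URL.
 * @returns {string} "DIRECT", the bypass proxy chain, or the default
 *   proxy chain for the client's network.
 */
function FindProxyForURL(url, host) {
  // =========================================================
  // Section 1: Standard PAC values
  var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/;

  /* Don't send non-FQDN hosts to the proxy. Checked before any DNS lookup
     so plain host names never trigger dnsResolve(). */
  if (isPlainHostName(host)) {
    return "DIRECT";
  }

  /* FTP goes directly */
  if (url.substring(0, 4) === "ftp:") {
    return "DIRECT";
  }

  /* Don't send private or 192.0.2.0/24 destinations to the proxy.
     The decision uses the address returned by the client's resolver, so
     any name that resolves into these ranges is sent DIRECT. A failed
     lookup yields no address; the request then continues to Sections 3/4. */
  var resolvedIp = dnsResolve(host);
  if (
    resolvedIp &&
    (isInNet(resolvedIp, "192.0.2.0", "255.255.255.0") || privateIP.test(resolvedIp))
  ) {
    return "DIRECT";
  }

  // =========================================================
  // Section 2: Define Variables
  // Users off Corporate Network. (Direct to Internet)
  // These defaults apply whenever none of the subnet checks below match, so
  // such clients do not use any CSC.
  var tonetskope = "DIRECT";
  var bypassproxy = "DIRECT";

  /* Another option for "bypassproxy". If you are using Netskope Private
     Access, you can reach "bypassproxy" destinations using the Company
     Public IPs even if you are OFF Network */
  // Here the setting:
  // var bypassproxy = "PROXY <csc-bypass-A>:3128; PROXY <csc-bypass-B>:3128; PROXY <csc-bypass-C>:3128;DIRECT";

  // Read the client address once instead of once per subnet test.
  // NOTE(review): myIpAddress() may return the address of a different
  // interface (VPN, second adapter) or a loopback address on multi-homed
  // hosts; in that case no branch matches and the DIRECT defaults are used.
  var clientIp = myIpAddress();

  // The on-network chains contain no DIRECT entry: if all three CSCs are
  // unreachable the request fails instead of leaving unproxied.
  if (isInNet(clientIp, "10.1.0.0", "255.255.0.0")) {
    // User at Network 10.1.0.0/16 -> CSC A Primary
    tonetskope = "PROXY <csc-vip-A>:80; PROXY <csc-vip-B>:80; PROXY <csc-vip-C>:80";
    bypassproxy = "PROXY <csc-bypass-A>:3128; PROXY <csc-bypass-B>:3128; PROXY <csc-bypass-C>:3128";
  } else if (isInNet(clientIp, "10.2.0.0", "255.255.0.0")) {
    // User at Network 10.2.0.0/16 -> CSC B Primary
    tonetskope = "PROXY <csc-vip-B>:80; PROXY <csc-vip-A>:80; PROXY <csc-vip-C>:80";
    bypassproxy = "PROXY <csc-bypass-B>:3128; PROXY <csc-bypass-A>:3128; PROXY <csc-bypass-C>:3128";
  } else if (
    isInNet(clientIp, "10.3.0.0", "255.255.0.0") ||
    isInNet(clientIp, "192.168.0.0", "255.255.255.0")
  ) {
    // User at Network 10.3.0.0/16 and 192.168.0.0/24 -> CSC C Primary
    tonetskope = "PROXY <csc-vip-C>:80; PROXY <csc-vip-B>:80; PROXY <csc-vip-A>:80";
    // The last entry is written on one line; a line break inside the
    // string literal is a syntax error.
    bypassproxy = "PROXY <csc-bypass-C>:3128; PROXY <csc-bypass-B>:3128; PROXY <csc-bypass-A>:3128";
  }

  // =========================================================
  // Section 3: bypassproxy via Cloud Security Connectors
  // bypassproxy via CSC Public IPs (Examples)
  // The patterns contain no wildcards, so only these exact host names match.
  if (
    // O365 Domains for ConditionalAccess
    shExpMatch(host, "login.microsoftonline.com") ||
    shExpMatch(host, "login.microsoft.com") ||
    shExpMatch(host, "login.windows.net") ||
    // IP / Port test page
    shExpMatch(host, "portquiz.net")
  ) {
    return bypassproxy;
  }

  // =========================================================
  // Section 4: Default Traffic
  // Default Traffic Forwarding.
  return tonetskope;
}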