Manage PAC Files

Cisco Secure Access provides several client configuration options to manage the web traffic and internet security for the user devices in your organization. You can integrate a proxy auto-config (PAC) file URL for the browsers that you use to reach web resources. The browser-based traffic is proxied through the Secure Access secure web gateway.

After you integrate a PAC file on a device, all traffic through the browser is redirected to the secure web gateway (SWG). Secure Access applies DNS-layer security to browser traffic for non-web resources only, which bypasses the PAC file.

What is a PAC file?

A proxy auto-config (PAC) file is used by browsers to select the correct proxy server that can fetch a requested URL.

Recommendations

To download the Secure Access PAC file or custom PAC files, connect to Secure Access on a Registered Network or Network Tunnel.

You can use the default Secure Access PAC file or custom PAC files. For more information about deploying, customizing, or uploading a PAC file, see:

Integrating the Secure Access PAC file on the user devices in your organization so that all browser-based traffic is proxied is straightforward. However, you may have to customize the PAC file before integrating it into your system.

Note: Microsoft has deprecated PAC file support for the file:// and ftp:// protocols in Windows 10 on Edge. Hosting the PAC file on the local machine with the Edge browser is not supported. For more information, see Windows 10 does not read a PAC file referenced by a file protocol.

We recommend that you bypass these domains in your environment for traffic with TCP on ports 80 and 443:

  • ocsp.int-x3.letsencrypt.org
  • isrg.trustid.ocsp.identrust.com
  • *.opendns.com
  • *.sse.com
  • *.umbrella.com
  • *.okta.com
  • *.oktacdn.com
  • *.pingidentity.com
  • secure.aadcdn.microsoftonline-p.com

Configure Cisco Secure Client Settings < Manage PAC Files > Deploy the Secure Access PAC File for Windows