Manage PAC Files

Cisco Secure Access provides several client configuration options to manage the web traffic and internet security for the user devices in your organization. You can integrate a proxy auto-config (PAC) file URL for the browsers that you use to reach web resources. The browser-based traffic is proxied through the Secure Access secure web gateway.

After you integrate a PAC file on a device, all traffic through the browser is redirected to the secure web gateway (SWG). Secure Access applies DNS-layer security to browser traffic for non-web resources only, which bypasses the PAC file.

What is a PAC file?

A proxy auto-config (PAC) file is used by browsers to select the correct proxy server that can fetch a requested URL.

Known Limitations

As an administrator, you can download and deploy the Secure Access PAC file only if you are on a network that has been added as a Registered Network to Secure Access. PAC files are not supported for other connection mechanisms.

Recommendations

Integrating the Secure Access PAC file on the user devices in your organization so that all browser-based traffic is proxied is straightforward. However, you may have to customize the PAC file before integrating it into your system.

Note: Microsoft has deprecated PAC file support for the file:// and ftp:// protocols in Windows 10 on Edge. Hosting the PAC file on the local machine with the Edge browser is not supported. For more information, see Windows 10 does not read a PAC file referenced by a file protocol.

We recommend that you bypass the following domains directly to allow all traffic with TCP on ports 80 and 443:

  • ocsp.int-x3.letsencrypt.org
  • isrg.trustid.ocsp.identrust.com
  • *.cisco.com
  • *.opendns.com
  • *.sse.com
  • *.umbrella.com
  • *.okta.com
  • *.oktacdn.com
  • *.pingidentity.com
  • secure.aadcdn.microsoftonline-p.com

Manage Internet Security < Manage PAC Files > Deploy the Secure Access PAC File for Windows