Add domains to your existing PAC files to bypass proxy handling, or add new custom PAC files.
The PAC file proxy-based solution forwards your end-user traffic to the Internet
Access Gateway that enforces Internet Access Control rules.
To find out about other traffic forwarding options, see Traffic forwarding options for Internet Access and AI Service Access.
Procedure
- On the Trend Vision One console, go to .
- On the PAC Files tab:
-
Create a new PAC file by clicking Add.
-
Edit an existing PAC file by clicking the Edit () icon in the Action column.
-
- Specify a unique PAC file name and Description.
- For customers who want to automatically populate the proxy bypass list for
supported apps, enable the following:
-
Bypass proxy for network requests to Microsoft Office 365
-
Bypass proxy for network requests to Google
-
- Choose how to edit the PAC file by selecting an Edit
mode.
-
Basic mode adds domains to the file using the user interface and does not affect any other code.Supports multi-byte encoded and non-ASCII characters.
-
Advanced mode displays the complete contents of the file in an editable field.If you have an existing PAC file, copy the code, and paste into the field.
Important
When also using Zero Trust Secure Access Private Access, you must include but not modify the following arguments:-
isInNet(ip, "100.64.0.0", "255.255.0.0");
-
var DNSNeedResolve = true;
The arguments ensure that Private Access traffic whose destination IP address falls in the 100.64.0.0 network segment after local DNS resolution is by-passed.When using your own PAC file, ensure that you add the Private Access by-pass code. The following example adds the network segment to bypass Private Access traffic forwarding to the Internet Access Gateway.if isInNet(dnsResolve(host), "100.64.0.0", "255.255.0.0") return 'DIRECT';
Zero Trust Secure Access automatically adds the following domains to PAC files:-
windowsupdate.microsoft.com
-
*.windowsupdate.microsoft.com
-
*.update.microsoft.com
-
*.windowsupdate.com
-
download.microsoft.com
-
ntservicepack.microsoft.com
-
officecdn.microsoft.com
-
officecdn.microsoft.com.edgesuite.net
-
- (Optional) Add additional proxy FQDNs to your PAC file.
Note
Adding additional proxies requires editing the PAC file using advanced mode.- Obtain the FQDNs or IP addresses of the proxy servers you want to include in your
PAC file.Secure Access only allows the use of the following proxy FQDN or IP in PAC files:
-
Internet Access Cloud Gateway proxy
Tip
To see a list of the available cloud Internet Access Gateway proxy servers, go to Port and FQDN/IP address requirements and select your region. -
Internet Access On-Premises Gateway proxy
Tip
Trend Micro recommends using the FQDN of on-premises proxy servers.
-
- Locate the return value of the function
FindProxyForURL
. - Edit the return value of the function.The return value must be a string containing one or more of the following elements, separated by a semicolon.
-
PROXY <FQDN of proxy>:<port>
-
DIRECT
Note
Use the following port numbers:-
Cloud Gateway: 80
-
On-Premises Gateway: 8088
-
Note
If the first proxy server in the list fails, Secure Access connects to the next proxy servers in the list one by one in sequential order. - Obtain the FQDNs or IP addresses of the proxy servers you want to include in your
PAC file.
- Click Save.
- (Optional) Apply the modified PAC file to the target devices with the Secure
Access Module deployed.
- In the Applied platforms column, click the Apply () icon.
- Select the operating systems to apply the PAC file to.
Note
Each operating system can only have one applied PAC file.
The PAC file replacement takes effect within a few minutes.You can also replace the PAC file in the Secure Access Module by individual endpoint or endpoint group in the Secure Access Module screen. For more information, see PAC File replacement.Note
For a single endpoint, the PAC file applied by individual endpoint or endpoint group takes effect, regardless of the platform-based PAC file configured for the endpoint.