This article applies to our On-Premise Appliance Filter and Firewall product only, not to Cloud.
Depending on how your network operates, you may need to use a Proxy Auto-Config (PAC) or Web Proxy Autodiscovery Protocol (WPAD) script to define how web browsers and other user agents choose the appropriate proxy server (access method) when fetching a URL. This article outlines how you can manage your Smoothwall PAC and WPAD scripts.
Before you begin
Check your requirements
Check if you use Kerberos authentication and whether you will refer to the proxy by domain name or IP address. If you use Kerberos authentication, domains, or both, you must edit the default script or use the template.
Check your Interfaces and Authentication policies
You can only have one script per Interface and IP address.
- Check your interfaces and add a new one if required. Give it an IP address that is different from those of your existing interfaces.
- Add a Non-transparent Web Proxy Authentication policy for the interface for Proxy authentication.
Check your DNS configuration
If you want to refer to the proxy by domain name rather than IP address, ensure you have a valid DNS configuration that resolves correctly for your hostname.
- Refer to your DNS provider's documentation if you don’t manage DNS through Smoothwall.
- If you manage DNS through Smoothwall, you can see the hostname in System > Preferences > Hostname. Contact Smoothwall Support if you are unsure what settings to check.
Step 1: Create a PAC or WPAD script
You can edit Smoothwall’s default scripts. You can also download a template to create a customised script and upload it to Smoothwall or host it on another server.
Manage your built-in script
- Go to Web Proxy > Web proxy > Automatic configuration. Smoothwall uses the Built-in option by default.
- Smoothwall uses the Bypass proxy server for local addresses option by default.
- We recommend using this option when you are hosting within the same network. The browser bypasses the proxy so Smoothwall doesn’t apply filtering, which is more efficient for your network.
Important
The browser can bypass the proxy only if the address is a hostname (for example, myhostname). It can’t bypass the proxy when you use a Fully Qualified Domain Name (FQDN), such as myhostname.example.local.
- If you don’t want to bypass the proxy, clear the checkbox.
- If you don’t want to refer to the proxy by IP addresses or use Kerberos authentication, select the Refer to the proxy by domain name option.
- Next, add anything you don’t want to be proxied, which will bypass Smoothwall filtering. For example, you may need to exclude your internal local phone system.
- In the Exception domains and IP addresses box, enter an IP address, IP address range, network address or hostname that users access directly.
- Select Advanced, and in the Exception regular expression domains box, enter one regular expression domain per line that users access directly. For example, adding ^(.*\.)?youtube\.com$ works for youtube.com and subdomains, but not fakeyoutube.com.
- Select Save.
Use a custom script
- Go to Web Proxy > Web proxy > Automatic configuration.
- Select the Custom script template option.
- Select Download to download the template.
- Build your custom script outside of Smoothwall. You can save it with a new name to distinguish it from the initial template.
- Return to Web Proxy > Web proxy > Automatic configuration.
- Select Choose File and select the script.
- Select Upload.
- Select Save.
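The following added example is not Smoothwall's template or built-in script. It is a minimal PAC script showing the two bypass behaviours described above: plain hostnames go direct while FQDNs do not, and an anchored exception pattern matches youtube.com and its subdomains but not fakeyoutube.com. The proxy address, port and the `isException` and `demo` helper names are assumptions for illustration.

```javascript
// Added example, not Smoothwall's template. Names and addresses are placeholders.
var PROXY = "PROXY proxy.example.local:8080"; // assumed proxy host and port

// One anchored pattern per exception domain (the page's youtube.com example).
var EXCEPTION_PATTERNS = [/^(.*\.)?youtube\.com$/];

// Deliberately unanchored pattern, kept only to show what the anchors prevent.
var UNANCHORED = /youtube\.com/;

// Browsers supply isPlainHostName() to PAC scripts; define it only when it is
// missing so the same file can be checked under Node before upload.
if (typeof isPlainHostName === "undefined") {
  globalThis.isPlainHostName = function (host) {
    return host.indexOf(".") === -1;
  };
}

// True when the host matches one of the anchored exception patterns.
function isException(host) {
  var h = host.toLowerCase();
  for (var i = 0; i < EXCEPTION_PATTERNS.length; i++) {
    if (EXCEPTION_PATTERNS[i].test(h)) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT"; // myhostname, not an FQDN
  if (isException(host)) return "DIRECT";     // unfiltered by design
  return PROXY;                               // everything else is filtered
}

// Constructed sample hosts and the decision each one gets.
function demo() {
  var hosts = ["myhostname", "myhostname.example.local", "youtube.com",
               "www.youtube.com", "fakeyoutube.com"];
  return hosts.map(function (h) {
    return h + " -> " + FindProxyForURL("http://" + h + "/", h) +
           (UNANCHORED.test(h) && !isException(h) ? " (unanchored would bypass)" : "");
  });
}

if (typeof console !== "undefined") console.log(demo().join("\n"));
```

Every host that returns DIRECT is unfiltered, so check each exception pattern against lookalike names before uploading the script.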
Step 2: Manage your script policies
Add a policy
- Go to Web Proxy > Web proxy > Automatic configuration.
- In the Manage configuration script policy section, select the interface to which the script should direct clients.
- Select Save.
Edit a policy
- Go to Web Proxy > Web proxy > Automatic configuration.
- Go to the Configuration script policy section.
- Select your policy:
- When you only have one interface and one Non-transparent Proxy authentication policy, you will have one Configuration script policy, and the pencil icon is not clickable. Your policy is selected automatically.
- If you have more than one interface and one Non-transparent Proxy authentication policy, you can select the pencil icon for the Configuration script policy you want to edit.
- Make any changes to this policy and then select Save.
Delete a policy
- Go to Web Proxy > Web proxy > Automatic configuration.
- In the Configuration script policy section, select the X icon.
- On the next page, select Delete.
Step 3: Use the script
Download the script
Download your file by going to:
- http://[IP.or.hostname].Smoothwall/proxy.pac
- http://[IP.or.hostname].Smoothwall/wpad.dat
Direct to the script
You can enter the script address into your systems to use the script.
- For the PAC script address, go to Web proxy > Web proxy > Settings. The address is listed under Available proxy settings > Automatic configuration script address.
- For WPAD, set your DNS host as 'wpad.X' (where X is your domain name).