Skip to main content

Netskope Client and PAC files

  • January 24, 2023
  • 2 replies
  • 2142 views
M
Netskope Employee
Forum|alt.badge.img+13
  • MM_NS
  • Netskope Employee
  • 8 replies

If you have PAC files or WPAD deployed to user base here are recommended settings:

 

1. Following traffic needs to go via PAC
 
 
2. Following traffic needs to go DIRECT
dns.google
 
 
3. Do not use Netskope consolidated IP ranges in the PAC file. If you add global range the "addon" traffic will also fall under that range.
 
 
Sample PAC file:
 
Here is a typical PAC file syntax. Check what's the ultimate "return" statement. The address "163.116.128.80:8080"  in this PAC file is the Netskope Explicit Proxy over Tunnel IP address. 
 

{

<snip>

..

..

/* Don't proxy to access to Netskope URLs for clients     */

      if (shExpMatch(host, 'gateway-<TENANT_NAME>.goskope.com'))

         { return 'DIRECT'; }

(repeat for the other domains in # 2 above)

<snip>

...

...

 

/* Use on-prem proxy unless client IP is in scope for cloud proxy */

/*      if (isInNet(clientIP, '10.102.4.0', '255.255.255.0')      */

/*          || isInNet(clientIP, '10.102.16.0', '255.255.255.0')  */

/*        { return 'PROXY 163.116.128.80:8080; DIRECT';}    */

 

/* When not handled above, use on-prem proxy */

       return 'PROXY bcproxy.TENANT_NAME.com:80; DIRECT'; }

 
 

Contact your Bluecoat or PAC file administrator for the syntax in your version of the PAC file. Most PAC files have a If and 

 

This topic has been closed for replies.

2 replies

Rohit_Bhaskar
Netskope Employee
Forum|alt.badge.img+20
  • Rohit_Bhaskar
  • Netskope Employee
  • 492 replies
  • January 25, 2023

Thanks for sharing with our Netskope community @MM_NS 😀

Best Wishes, Rohit Bhaskar
NicolaScand
Netskope Partner
Forum|alt.badge.img+7
  • NicolaScand
  • Netskope Partner
  • 3 replies
  • January 11, 2025

Hi MM_NS,

that's very interesting what you wrote. Does this happen in a scenario where you have the PAC File and the Netskope Client with steering active? If so, why is it necessary to pass addon-<TENANT-NAME>.goskope.com from the pac file and not in direct?

 

Thanks.

Nicola

 

Badges Winner

Show all badges

Not finding what you're looking for?

Don't be shy and let us know about your challenge.

Ask your question here!
Terms & ConditionsCookie settingsAccessibility statement