Netskope Client and PAC files

  • 24 January 2023
  • 1 reply
  • 489 views

Userlevel 3
Badge +13
  • Netskope Employee
  • 8 replies

If you have PAC files or WPAD deployed to user base here are recommended settings:

 

1. Following traffic needs to go via PAC
 
 
2. Following traffic needs to go DIRECT
dns.google
 
 
3. Do not use Netskope consolidated IP ranges in the PAC file. If you add global range the "addon" traffic will also fall under that range.
 
 
Sample PAC file:
 
Here is a typical PAC file syntax. Check what's the ultimate "return" statement. The address "163.116.128.80:8080"  in this PAC file is the Netskope Explicit Proxy over Tunnel IP address. 
 

{

<snip>

..

..

/* Don't proxy to access to Netskope URLs for clients     */

      if (shExpMatch(host, 'gateway-<TENANT_NAME>.goskope.com'))

         { return 'DIRECT'; }

(repeat for the other domains in # 2 above)

<snip>

...

...

 

/* Use on-prem proxy unless client IP is in scope for cloud proxy */

/*      if (isInNet(clientIP, '10.102.4.0', '255.255.255.0')      */

/*          || isInNet(clientIP, '10.102.16.0', '255.255.255.0')  */

/*        { return 'PROXY 163.116.128.80:8080; DIRECT';}    */

 

/* When not handled above, use on-prem proxy */

       return 'PROXY bcproxy.TENANT_NAME.com:80; DIRECT'; }

 
 

Contact your Bluecoat or PAC file administrator for the syntax in your version of the PAC file. Most PAC files have a If and 

 


1 reply

Userlevel 4
Badge +17

Thanks for sharing with our Netskope community @MM_NS 😀

Reply