PAC File Configuration

Add domains to your existing PAC files to bypass proxy handling, or add new custom PAC files.

The PAC file proxy-based solution forwards your end-user traffic to the Internet Access Gateway that enforces Internet Access Control rules.

To find out about other traffic forwarding options, see Traffic Forwarding Options for Internet Access.

  1. On the Trend Micro Vision One console, go to Zero Trust Secure Access > Secure Access Configuration > Internet Access Configuration.
  2. On the PAC Files tab:
    • Create a new PAC file by clicking Add.

    • Edit an existing PAC file by clicking the Edit () icon in the Action column.

  3. Specify a unique PAC file name and Description.
  4. For customers who want to automatically populate the proxy bypass list for supported apps, enable the following:
    • Bypass proxy for network requests to Microsoft Office 365

    • Bypass proxy for network requests to Google

  5. Choose how to edit the PAC file by selecting an Edit mode.
    • Basic mode adds domains to the file using the user interface and does not affect any other code.

      Supports multi-byte encoded and non-ASCII characters.

    • Advanced mode displays the complete contents of the file in an editable field.

      If you have an existing PAC file, copy the code, and paste into the field.

    Important:

    When also using Zero Trust Secure Access Private Access, you must include but not modify the following arguments:

    • isInNet(ip, "100.64.0.0", "255.255.0.0");

    • var DNSNeedResolve = true;

    The arguments ensure that Private Access traffic whose destination IP address falls in the 100.64.0.0 network segment after local DNS resolution is by-passed.

    When using your own PAC file, ensure that you add the Private Access by-pass code. The following example adds the network segment to by-pass Private Access traffic forwarding to the Internet Access Gateway.

    if isInNet(dnsResolve(host), "100.64.0.0", "255.255.0.0")
       return 'DIRECT';

    Zero Trust Secure Access automatically adds the following domains to PAC files:

    • windowsupdate.microsoft.com

    • *.windowsupdate.microsoft.com

    • *.update.microsoft.com

    • *.windowsupdate.com

    • download.microsoft.com

    • ntservicepack.microsoft.com

    • officecdn.microsoft.com

    • officecdn.microsoft.com.edgesuite.net

  6. Click Save.
  7. (Optional) Deploy the modified PAC file to the target devices with the Secure Access Module installed.
    1. In the Applied module column, click the Apply () icon.
    2. Select the operating systems to apply the PAC file to.
      Important:

      Each operating system can only have one applied PAC file.

    The PAC file replacement takes effect within a few minutes.