Add domains to your existing PAC files to bypass proxy handling, or add new custom PAC files.
The PAC file proxy-based solution forwards your end-user traffic to the Internet Access Gateway that enforces Internet Access Control rules.
To find out about other traffic forwarding options, see Traffic Forwarding Options for Internet Access.
Create a new PAC file by clicking Add.
Edit an existing PAC file by clicking the Edit () icon in the Action column.
Bypass proxy for network requests to Microsoft Office 365
Bypass proxy for network requests to Google
Basic mode adds domains to the file using the user interface and does not affect any other code.
Supports multi-byte encoded and non-ASCII characters.
Advanced mode displays the complete contents of the file in an editable field.
If you have an existing PAC file, copy the code, and paste into the field.
When also using Zero Trust Secure Access Private Access, you must include but not modify the following arguments:
isInNet(ip, "100.64.0.0", "255.255.0.0");
var DNSNeedResolve = true;
The arguments ensure that Private Access traffic whose destination IP address falls in the 100.64.0.0 network segment after local DNS resolution is by-passed.
When using your own PAC file, ensure that you add the Private Access by-pass code. The following example adds the network segment to by-pass Private Access traffic forwarding to the Internet Access Gateway.
if isInNet(dnsResolve(host), "100.64.0.0", "255.255.0.0") return 'DIRECT';
Zero Trust Secure Access automatically adds the following domains to PAC files:
Adding additional proxies requires editing the PAC file using advanced mode.
Secure Access only allows the use of the following proxy FQDN or IP in PAC files:
Cloud SASE-SWG service (Internet Access) proxy
To see a list of the available cloud SASE-SWG service (Internet Access) proxy servers, go to Port and FQDN Requirements and select your region.
On-premises SASE-SWG proxy
Trend Micro recommends using the FQDN of on-premises proxy servers.
The return value must be a string containing one or more of the following elements, separated by a semicolon.
PROXY <FQDN of proxy>:<port>
PROXY proxy1.mydomain.com:8080; PROXY proxy2.mydomain.com:8080; PROXY proxy3.mydomain.com:8080; DIRECT
If the first proxy server in the list fails, Secure Access connects to the next proxy servers in the list one by one in sequential order.
Each operating system can only have one applied PAC file.
The PAC file replacement takes effect within a few minutes.