Traffic Forwarding Options For Desktops

Option

Pros

Cons

PAC files

  • All major browsers support PAC files.

  • These files are easy to deploy using Active Directory.

  • Users are protected, whether within or outside the network.

  • Users with administrator rights can bypass TMWS by installing a non-standard browser.

  • Users can manually change the proxy setting to no proxy to bypass it.

Proxy Chaining

If your organization enforces traffic using a company proxy server, configure your proxy server to point upstream traffic to TMWS.

  • Setup is easy.

  • Multiple rules offer full redundancy.

  • Most web proxies support proxy chaining.

  • Users cannot bypass this method.

Users outside the network are unprotected.

Port Forwarding

  • Setup is easy.

  • Every major firewall supports port forwarding.

  • Users cannot bypass this method.

  • Port forwarding supports HTTP and HTTPS traffic.

  • This method requires a manual change if the primary gateway is unavailable.

  • Users outside the network are unprotected.

  • This method does not support transparent authentication.

Recommendations

  • Proxy Auto Configuration (PAC) file is best when your organization already has proxy configured and when supporting clients that often work outside the network.

    Manually deploy the PAC file to client browsers or enforce the use of the PAC file by creating an Active Directory GPO or using the TMWS Enforcement Agent.

  • Proxy chaining is best when you already have a proxy.

  • PAC files and proxy chaining can be used concurrently.

  • Only use port forwarding when necessary because it requires additional configuration.

    Note:

    Port forwarding is not supported on on-premises gateways.

PAC File Management and Deployment

Perform the following tasks to allow desktops to forward traffic to TMWS using PAC files.

PAC Files Management

Identify the PAC files to use. You can use the default file that came with this product or add custom PAC files.

Go to Administration > SERVICE DEPLOYMENT > PAC Files.

PAC Files Deployment

There are several ways to use PAC files for traffic forwarding.

  • Manually configure supported desktop browsers to reference the location of a PAC file.

    See Browser Configuration.

  • Use Active Directory GPO (Group Policy Object) to enforce the use of a PAC file for traffic forwarding.

    See GPO Creation.

  • Install the TMWS Enforcement Agent to client machines to enforce the use of a PAC file for traffic forwarding and to automatically deploy the TMWS certificate to supported browsers.

    See Enforcement Agent Settings and Downloads.