
Manage Umbrella's PAC File

When configuring Umbrella's secure web gateway (SWG), you have several choices as to how you can send web traffic to Umbrella. One of those choices is to integrate a proxy auto-config (PAC) file URL into the browser that you use to reach destinations. Once integrated into your system, all traffic from that browser is redirected to Umbrella's secure web proxy. When deploying the SWG with a PAC file, Umbrella DNS policies are not enforced for traffic generated in the web browser. DNS policies apply to non-web browser traffic, which bypasses the PAC file.

Note: Umbrella limits PAC file downloads and usage to roaming computers on fixed networks. You must register your fixed networks with Umbrella. When roaming computers are located off the protected network or you use other connection mechanisms, Umbrella does not support PAC files.

What is a PAC file?

A proxy auto-config (PAC) file defines the proxy server that a browser must use to fetch a URL.

For the most part, integrating Umbrella's PAC file into your system so that all browser-based traffic is proxied is a simple cut and paste procedure. There may, however, be occasions when you are required to customize the PAC file before integrating it into your system. For more information about deploying or customizing a PAC file, see:

Note: Microsoft has deprecated PAC file support for the file:// and ftp:// protocols in Windows 10 on Edge. Hosting the PAC file on the local machine does not work on the Microsoft Edge browser. For more information, see Windows 10 does not read a PAC file referenced by a file protocol.

To connect efficiently to Umbrella's SWG, allow the following CIDRs in your firewalls over TCP on ports 80 and 443:

  • 67.215.64.0/19
  • 146.112.0.0/16
  • 151.186.0.0/16
  • 155.190.0.0/16
  • 185.60.84.0/22
  • 204.194.232.0/21
  • 208.67.216.0/21
  • 208.69.32.0/21

We recommend that you bypass the proxy for the following domains and allow traffic to them directly over TCP on ports 80 and 443:

  • ocsp.int-x3.letsencrypt.org
  • isrg.trustid.ocsp.identrust.com
  • *.cisco.com
  • *.opendns.com
  • *.umbrella.com
  • *.okta.com
  • *.oktacdn.com
  • *.pingidentity.com
  • secure.aadcdn.microsoftonline-p.com

Note: When using an SSL-VPN, add the IP address of the VPN head-end to the external domains settings. For more information, see Manage Domains.
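The bypass list above can be expressed in a customized PAC file as follows. This is an added example, not Umbrella's published PAC file; the proxy host and port are placeholders, and the helper name `matchesBypass` and the reading of `*.` entries as "subdomains only" are assumptions.

```javascript
// Added example: custom PAC logic, not Umbrella's published PAC file.
// PROXY is a placeholder; substitute the proxy host:port from your deployment.
var PROXY = "PROXY swg-proxy.example.invalid:443";

// Domains the page recommends sending directly instead of through the proxy.
// Entries starting with "*." are treated as "any subdomain of" (assumption).
var BYPASS = [
  "ocsp.int-x3.letsencrypt.org",
  "isrg.trustid.ocsp.identrust.com",
  "*.cisco.com",
  "*.opendns.com",
  "*.umbrella.com",
  "*.okta.com",
  "*.oktacdn.com",
  "*.pingidentity.com",
  "secure.aadcdn.microsoftonline-p.com"
];

// Hypothetical helper: match one host against one bypass pattern.
// Wildcards are compared on a dot boundary so that a look-alike host such as
// "notcisco.com" or "cisco.com.example.net" is still sent to the proxy.
function matchesBypass(host, pattern) {
  if (pattern.indexOf("*.") === 0) {
    var suffix = pattern.slice(1); // "*.cisco.com" -> ".cisco.com"
    return host.length > suffix.length &&
           host.slice(-suffix.length) === suffix;
  }
  return host === pattern;
}

// Entry point the browser calls for every request.
// Written in ES5 style because some PAC engines do not support newer syntax.
function FindProxyForURL(url, host) {
  // Normalize case and a trailing root dot before comparing.
  host = String(host).toLowerCase().replace(/\.$/, "");
  for (var i = 0; i < BYPASS.length; i++) {
    if (matchesBypass(host, BYPASS[i])) {
      return "DIRECT";
    }
  }
  return PROXY; // everything else goes through the secure web gateway
}
```
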

