Manage Umbrella's PAC File
When configuring Umbrella's secure web gateway (SWG), you have several choices as to how you can send web traffic to Umbrella. One of those choices is to integrate a proxy auto-config (PAC) file URL into the browser that you use to reach destinations.
After you deploy a PAC file in a browser, all traffic from that browser is redirected to Umbrella's secure web proxy. When deploying the SWG with a PAC file, Umbrella DNS policies are not enforced for traffic generated in the web browser. DNS policies apply to non-web browser traffic, which bypasses the PAC file.
To download the Umbrella PAC file or custom PAC files, connect to Umbrella on a fixed Network or Network Tunnel. Register your fixed networks and network tunnels with Umbrella.
What is a PAC file?
A proxy auto-config (PAC) file defines the proxy server that a browser must use to fetch a URL.
You can use the default Umbrella PAC file or custom PAC files. For more information about deploying, customizing, or uploading a PAC file, see:
- Deploy Umbrella's PAC File for Windows
- Deploy Umbrella's PAC File for Mac
- Customize Umbrella's PAC File
- Upload Custom PAC Files to Umbrella
Note: Microsoft has deprecated PAC file support for the file://
and ftp://
protocols in Windows 10 on Edge. Hosting the PAC file on the local machine does not work on the Microsoft Edge browser. For more information, see Windows 10 does not read a PAC file referenced by a file protocol.
To connect efficiently to Umbrella's SWG, allow the following CIDRs in your firewalls over TCP on ports 80 and 443:
- 67.215.64.0/19
- 146.112.0.0/16
- 151.186.0.0/16
- 155.190.0.0/16
- 185.60.84.0/22
- 204.194.232.0/21
- 208.67.216.0/21
- 208.69.32.0/21
We recommend that you bypass the following domains directly to allow all traffic over TCP on ports 80 and 443:
- ocsp.int-x3.letsencrypt.org
- isrg.trustid.ocsp.identrust.com
- *.cisco.com
- *.opendns.com
- *.umbrella.com
- *.okta.com
- *.oktacdn.com
- *.pingidentity.com
- secure.aadcdn.microsoftonline-p.com
Note: When using an SSL-VPN, add the IP address of the VPN head-end to the external domains settings. For more information, see Manage Domains.
Test SSL Decryption < Manage Umbrella's PAC File > Deploy Umbrella's PAC File for Windows
Updated 4 months ago