Secure Endpoint Mac Proxy Automatic Configuration (PAC) Setup Guide

Available Languages

Download Options

  • PDF     (97.5 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (151.5 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (114.3 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:June 7, 2023
Document ID:220492

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes setup guidance for Proxy Automatic Configuration (PAC) on Cisco Secure Endpoint Mac connector 1.22.0 and later.

    Supported Operating System versions

    • macOS Big Sur (11.0) or later

    Setup

    Prepare a valid PAC file that specifies the IP address and proxy server type (macOS supports HTTP, HTTPS, and SOCKS proxies) and host the PAC file on an HTTP or HTTPS (no authentication) server.

    The system adminstrator can enable the feature with these steps:

    1. Select Automatic proxy configuration in the proxies system network settings:Proxies system network settings
    2. Provide a URL to the PAC file. For example, http://192.0.0.1:8080/proxy.pac:PAC file URL
    3. Choose MacOS Auto Proxy Configuration in the Proxy Type dropdown list in the web console to enable the PAC policy option.
    4. Sync the connector policy with the ampcli sync command in a Terminal session.

    The connector attempts to use the proxy connection information specified in the PAC file automatically.

    Additional Information

    • The connector queries the proxy information provided by the PAC file every 30 minutes.
    • This is an example of a valid PAC file:
    function FindProxyForURL(url, host) { 
// If the hostname matches, send direct. 
    if (dnsDomainIs(host, "someurl.cisco.com") || 
        shExpMatch(host, "(*.cisco.com|cisco.com)")) 
        return "DIRECT"; 
// If the protocol or URL matches, send direct. 
    if (url.substring(0, 4)=="ftp:" || 
        shExpMatch(url, "http://cisco.com/folder/*")) 
        return "DIRECT"; 
// DEFAULT RULE: All other traffic, use below proxies, in fail-over order. 
    return "PROXY 4.5.6.7:8080; PROXY 7.8.9.10:8080"; }

    Restrictions

    • The PAC file can not be hosted in a server that requires authentication.
    • Secure Endpoint can only support a PAC file that specifies unauthenticated proxies.

    Revision History

    Revision Publish Date Comments
    1.0
    07-Jun-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products