We are setting up a VPN connection for all our clients and were looking to make all web browsing (except Office apps) go via the UTM for filtering when connected. I have tried configuring the IE settings to get the proxy PAC file from the UTM via http://UTM.IP.Address:Port/wpad.dat. If you browse to this address, it downloads the dat file. However, it doesn't seem to be applying the bypass-proxy rules, and all traffic still seems to go through the UTM.
I have also tried to add the VPN Proxy settings and select use setup script and point it to the address and port of the proxy. This also does not seem to work.
I have managed to get the Sophos endpoint to bypass the Proxy by setting the option in the Sophos Cloud for Proxy Configuration, and clients update both when they are connected and not connected to the VPN
A sample of my PAC file is below:
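/**
 * PAC entry point: decides whether a request goes straight to the
 * destination ("DIRECT") or through the UTM web proxy for filtering.
 *
 * Written in ES3-compatible JavaScript (var, plain loops, no trailing commas)
 * because PAC scripts may be evaluated by old script engines.
 *
 * @param {string} url  Full URL being requested (not used by these rules).
 * @param {string} host Host name taken from the URL.
 * @returns {string} "DIRECT" or "PROXY 192.168.153.49:5080".
 */
function FindProxyForURL(url, host) {
    // One proxy string for every proxied path. The original returned
    // "PROXY 192.168.153.49:5080;" (stray trailing semicolon) on its last line only.
    var proxy = "PROXY 192.168.153.49:5080";

    // NetBIOS-style names (no dots) are always internal.
    if (isPlainHostName(host))
        return "DIRECT";

    // Patterns below are lower case, so normalise the host before matching.
    var name = host.toLowerCase();

    // Hosts that skip the proxy. Exact duplicates from the original list
    // were removed; every distinct pattern is kept.
    var bypass = [
        // Internal DNS suffixes and organisation-specific hosts
        "*.corp.company.com",
        "autodiscover.greenvale.co.uk",
        "greenvalecouk-my.sharepoint.com",
        "itsupport.gvcloud.co.uk",

        // Office 365 / Microsoft services
        "clients.config.office.net",
        "skydrive.wns.windows.com",
        "*.compliance.microsoft.com",
        "*.events.data.microsoft.com",
        "*.lync.com",
        "*.mail.protection.outlook.com",
        "*.measure.office.net",
        "*.msftidentity.com",
        "*.msidentity.com",
        "*.officeapps.live.com",
        "*.online.office.com",
        "*.outlook.office.com",
        "*.protection.office.com",
        "*.protection.outlook.com",
        "*.security.microsoft.com",
        "*.onenote.com",
        "*.sharepoint.com",
        "*.skypeforbusiness.com",
        "*.teams.microsoft.com",
        "*.yammer.com",
        "*.assets-yammer.com",
        "*.relay.teams.microsoft.com",
        "account.activedirectory.windowsazure.com",
        "aefd.nelreports.net",
        "teams-ring.msedge.net",
        "fp-afd.azureedge.net",
        "account.office.net",
        "manage-us.kaiza.la",
        "accounts.accesscontrol.windows.net",
        "activity.windows.com",
        "adminwebservice.microsoftonline.com",
        "amcdn.msftauth.net",
        "api.passwordreset.microsoftonline.com",
        "api.userstore.skype.com",
        "autologon.microsoftazuread-sso.com",
        "b.config.skype.com",
        "becws.microsoftonline.com",
        "broadcast.skype.com",
        "clientconfig.microsoftonline-p.net",
        "companymanager.microsoftonline.com",
        "compliance.microsoft.com",
        "contacts.zoho.com",
        "cdn.fluidpreview.office.net",
        "cxcs.cdn.office.net",
        "device.login.microsoftonline.com",
        "eafc.nelreports.net",
        "ecs.office.com",
        "europe.smartscreen.microsoft.com",
        "contentsync.onenote.com",
        "hierarchyapi.onenote.com",
        "fonts.gstatic.com",
        "fp.msedge.net",
        "graph.microsoft.com",
        "graph.windows.net",
        "login.microsoft.com",
        "login.microsoftonline.com",
        "login.microsoftonline-p.com",
        "login.windows.net",
        "logincert.microsoftonline.com",
        "loginex.microsoftonline.com",
        "login-us.microsoftonline.com",
        "nexus.microsoftonline-p.com",
        "ntp.msn.com",
        "office.live.com",
        "onedrive.live.com",
        "outlook.office.com",
        "outlook.office365.com",
        "passwordreset.microsoftonline.com",
        "protection.office.com",
        "provisioningapi.microsoftonline.com",
        "outlook-1.cdn.office.net",
        "s0-azure.assets-yammer.com",
        "res-1.cdn.office.net",
        "security.microsoft.com",
        "spo-ring.msedge.net",
        "storage.live.com",
        "smtp.office365.com",
        "teams.microsoft.com",
        "teams.nel.measure.office.net",
        "tipengine.zoho.com",
        "uci.cdn.office.net",
        "wns.windows.com",
        "www.yammer.com",
        "sfgbr.loki.delve.office.com",
        "autodiscover-s.outlook.com",
        "*-admin.sharepoint.com",
        "*-files.sharepoint.com",
        "*-myfiles.sharepoint.com",
        "cdn.odc.officeapps.live.com",
        "*.office.com",
        "cdn.uci.officeapps.live.com",

        // Sophos endpoint management and update hosts
        "dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com",
        "dci.sophosupd.com",
        "dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com",
        "dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com",
        "d1.sophosupd.com",
        "d2.sophosupd.com",
        "d3.sophosupd.com",
        "dci.sophosupd.net",
        "d1.sophosupd.net",
        "d2.sophosupd.net",
        "d3.sophosupd.net",
        "t1.sophosupd.com",
        "sus.sophosupd.com",
        "sus.sophosupd.net",
        "sdds3.sophosupd.com",
        "sdds3.sophosupd.net",
        "sdu-feedback.sophos.com",
        // No wildcard: only the bare name matches.
        // NOTE(review): confirm whether subdomains were intended before widening.
        "sophosxl.net",
        "4.sophosxl.net",
        "samples.sophosxl.net",
        "cloud.sophos.com",
        "id.sophos.com",
        "central.sophos.com",
        "downloads.sophos.com",
        "*.ctr.sophos.com",
        "*.hydra.sophos.com",
        "mcs-cloudstation-eu-central-1.prod.hydra.sophos.com",
        "mcs-cloudstation-eu-west-1.prod.hydra.sophos.com",
        "mcs-cloudstation-us-east-2.prod.hydra.sophos.com",
        "mcs-cloudstation-us-west-2.prod.hydra.sophos.com",
        "mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com",
        "mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com",
        "mcs2-cloudstation-us-east-2.prod.hydra.sophos.com",
        "mcs2-cloudstation-us-west-2.prod.hydra.sophos.com",
        "mcs.stn100syd.ctr.sophos.com",
        "mcs.stn100yul.ctr.sophos.com",
        "mcs.stn100hnd.ctr.sophos.com",
        "mcs2.stn100syd.ctr.sophos.com",
        "mcs2.stn100yul.ctr.sophos.com",
        "mcs2.stn100hnd.ctr.sophos.com",

        // Certificate revocation (OCSP / CRL) endpoints
        "ocsp.globalsign.com",
        "ocsp2.globalsign.com",
        "crl.globalsign.com",
        "crl.globalsign.net",
        "ocsp.digicert.com",
        "crl3.digicert.com",
        "crl4.digicert.com",

        // NOTE(review): the wildcards below are shared CDN / cloud-hosting
        // suffixes. They match content published by any customer of those
        // providers, not only Office 365 or Sophos, so everything served from
        // them skips UTM filtering and logging. Prefer the specific host names
        // the vendors document, and drop the wildcards that are not required.
        "*.akamaized.net",
        "*.akadns.net",
        "*.akam.net",
        "*.akamai.com",
        "*.akamai.net",
        "*.akamaiedge.net",
        "*.akamaihd.net",
        "*.blob.core.windows.net",
        "*.edgekey.net",
        "*.edgesuite.net",
        "*.d.akamaiedge.net",
        "e13687.d.akamaiedge.net",
        "*.cloudfront.net",
        "d27v6ck90qm3ay.cloudfront.net",
        // Bare name only; subdomains are NOT matched by this entry.
        "amazonaws.com"
    ];

    for (var i = 0; i < bypass.length; i++) {
        if (shExpMatch(name, bypass[i]))
            return "DIRECT";
    }

    // Work out the destination IP. The dots are escaped so that only a real
    // dotted quad is treated as a literal address; the original /^(\d+.){3}\d+$/
    // let "." match any character, so a name such as "192.168.1x1" skipped DNS
    // resolution and was then matched against the internal ranges below.
    var isIpV4Addr = /^(\d{1,3}\.){3}\d{1,3}$/;
    var hostIP = isIpV4Addr.test(name) ? name : dnsResolve(name);

    // IP could not be determined -> send to the proxy so the request is still
    // filtered. The original tested hostIP == 0, which is false for null, the
    // failure value dnsResolve() returns in common browsers; any falsy result
    // is now treated as a failed lookup.
    if (!hostIP)
        return proxy;

    // These 3 scopes are used only internally.
    if (shExpMatch(hostIP, "10.216.4.*") ||
        shExpMatch(hostIP, "192.168.*") ||
        shExpMatch(hostIP, "127.0.0.1"))
        return "DIRECT";

    // Everything else goes through the proxy.
    return proxy;
}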