We help IT Professionals succeed at work.

PAC file for proxy autoconfig across a WAN

Todd Mostowy
Todd Mostowy asked
on
We currently use WPAD and it works fine, but our network department wants to change to use a PAC file on a BlueCoat (BC) using an autoconfig script.  We need PC's in one region to use one BC and PC's in another region to use another.  They asked me to create a DNS file that will change the IP of the hostname depending on the region.  I do not know if this is possible.  If it is, that would be cool.

So then he asked about putting the BC's behind an F5 which we only have at one location.  Seems this would not be too effective since we do not have an F5 Cluster across the WAN.  But we could go this route if we wanted to change.

Do you have any ideas for me?  They are being persistent, we are happy with WPAD so would like to hear your ideas of the Pros and Cons of WPAD through IIS rather than PAC file through autoconfig script.  ..and any way to do this better.  Cluster the Bluecoats across the WAN possibly?

We have IE, Chrome and Firefox.

Thank you.
Comment
Watch Question

Commented:
You cannot have a DNS resolve to different IP, based on locations. what you can do is configure the proxy with same IP in both the location but make it non-routable between the locations so the same WPAD can be used within the same region with separate Bluecoat devices.

Else use PAC file and mention in it saying that if traffic from Region1 LAN - Use BC 1, if host IP from Region 2 LAN - Use BC 2

Examples of PAC can be found here

http://www.findproxyforurl.com/pac_file_examples.html
Todd MostowyAmericas Regional IT Manager

Author

Commented:
Yea, what they want to have is one autoconfig script for all locations which is easy enough in terms of the contents of the PAC file.  What confuses me is how we can have the same hostname for all the Bluecoats without a cluster.  Each Bluecoat has a different IP and must stay that way.

Commented:
Your BC in site 1 might have 1.1.1.1 and the DNS in site 1 will resule to this IP and in site 2 the BC ip 2.2.2.2 should be resolved by the site 2 DNS. 1.1.1.1 should only be routable within site 1. Keep the hostname same in both the sites.
Todd MostowyAmericas Regional IT Manager

Author

Commented:
If I could do that, great.  How do I do that with DNS?  It is 2008 Server R2 and the DNS servers overseas replicate with my america DNS servers.  Originally you told me I could not do this with DNS

Commented:
Like i said, both DNS will have same entry. but the IP address should not be routable across the two sites
Todd MostowyAmericas Regional IT Manager

Author

Commented:
Yea, that is not really a solution.  We are a good size enterprise and looking for a more solid solution.  Maybe I will contact BlueCoat directly and see what they recommend.

Commented:
Then the only option is use of PAC files.
Americas Regional IT Manager
Commented:
Actually no.  WPAD is what we use now and I can think of a way to distribute that.  I would like to find a way to distribute a PAC file across a WAN, that is solid.  Your solution is not acceptable.
Todd MostowyAmericas Regional IT Manager

Author

Commented:
No real help.  He was telling me something I already did.  I was looking for the alternate.  Just delete this entire chain out.