Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

PAC file for proxy autoconfig across a WAN

Posted on 2012-03-13
9
Medium Priority
?
1,103 Views
Last Modified: 2012-04-16
We currently use WPAD and it works fine, but our network department wants to change to use a PAC file on a BlueCoat (BC) using an autoconfig script.  We need PC's in one region to use one BC and PC's in another region to use another.  They asked me to create a DNS file that will change the IP of the hostname depending on the region.  I do not know if this is possible.  If it is, that would be cool.

So then he asked about putting the BC's behind an F5 which we only have at one location.  Seems this would not be too effective since we do not have an F5 Cluster across the WAN.  But we could go this route if we wanted to change.

Do you have any ideas for me?  They are being persistent, we are happy with WPAD so would like to hear your ideas of the Pros and Cons of WPAD through IIS rather than PAC file through autoconfig script.  ..and any way to do this better.  Cluster the Bluecoats across the WAN possibly?

We have IE, Chrome and Firefox.

Thank you.
0
Comment
Question by:stowyo
  • 5
  • 4
9 Comments
 
LVL 10

Expert Comment

by:ujitnos
ID: 37718538
You cannot have a DNS resolve to different IP, based on locations. what you can do is configure the proxy with same IP in both the location but make it non-routable between the locations so the same WPAD can be used within the same region with separate Bluecoat devices.

Else use PAC file and mention in it saying that if traffic from Region1 LAN - Use BC 1, if host IP from Region 2 LAN - Use BC 2

Examples of PAC can be found here

http://www.findproxyforurl.com/pac_file_examples.html
0
 
LVL 1

Author Comment

by:stowyo
ID: 37719801
Yea, what they want to have is one autoconfig script for all locations which is easy enough in terms of the contents of the PAC file.  What confuses me is how we can have the same hostname for all the Bluecoats without a cluster.  Each Bluecoat has a different IP and must stay that way.
0
 
LVL 10

Expert Comment

by:ujitnos
ID: 37731855
Your BC in site 1 might have 1.1.1.1 and the DNS in site 1 will resule to this IP and in site 2 the BC ip 2.2.2.2 should be resolved by the site 2 DNS. 1.1.1.1 should only be routable within site 1. Keep the hostname same in both the sites.
0
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

 
LVL 1

Author Comment

by:stowyo
ID: 37738106
If I could do that, great.  How do I do that with DNS?  It is 2008 Server R2 and the DNS servers overseas replicate with my america DNS servers.  Originally you told me I could not do this with DNS
0
 
LVL 10

Expert Comment

by:ujitnos
ID: 37745754
Like i said, both DNS will have same entry. but the IP address should not be routable across the two sites
0
 
LVL 1

Author Comment

by:stowyo
ID: 37749771
Yea, that is not really a solution.  We are a good size enterprise and looking for a more solid solution.  Maybe I will contact BlueCoat directly and see what they recommend.
0
 
LVL 10

Expert Comment

by:ujitnos
ID: 37750922
Then the only option is use of PAC files.
0
 
LVL 1

Accepted Solution

by:
stowyo earned 0 total points
ID: 37754263
Actually no.  WPAD is what we use now and I can think of a way to distribute that.  I would like to find a way to distribute a PAC file across a WAN, that is solid.  Your solution is not acceptable.
0
 
LVL 1

Author Closing Comment

by:stowyo
ID: 37850346
No real help.  He was telling me something I already did.  I was looking for the alternate.  Just delete this entire chain out.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Make the most of your online learning experience.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question