gunschee
asked on
PAC Files for device Failover
My company has purchased two Smoothwall Guardian web filters. Setup has been pretty straight forward, and we have one replicating to another one for failover.
We use a PAC file via group policy for a proxy redirect thru the primary device. Right now the PAC file is imbedded on the primary device, but this is where the documentaion gets thin. MY understanding is that in order for failover to occur, some logic needs to be put in place within the PAC file to redirect traffic to the secondary if it should become unavailable.
So my questions are, what would the entries in the PAC file be to redirect to the secondary device if the primary was unavailable, and being that the current policy directs to the primary device via "http://address of primary/proxy.pac", wouldn't the PAC file have to now be in an external location in order to function properly?
We use a PAC file via group policy for a proxy redirect thru the primary device. Right now the PAC file is imbedded on the primary device, but this is where the documentaion gets thin. MY understanding is that in order for failover to occur, some logic needs to be put in place within the PAC file to redirect traffic to the secondary if it should become unavailable.
So my questions are, what would the entries in the PAC file be to redirect to the secondary device if the primary was unavailable, and being that the current policy directs to the primary device via "http://address of primary/proxy.pac", wouldn't the PAC file have to now be in an external location in order to function properly?
ASKER
For the example "return "PROXY proxy1.example.com:8080; PROXY proxy2.example.com:8080";: , would this be put on a network share? If so, how would you call it? The policy for IE seems to want a URL for the entry.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
return "PROXY proxy1.example.com:8080; PROXY proxy2.example.com:8080";
http://en.wikipedia.org/wiki/Proxy_auto-config#Advanced_functionality
However, according to the web site, you should be able to run in a HA active/passive configuration where the two devices appear as one to the network clients, so they would only need to be configured for one proxy, and you should only need to point to 1 location for the proxy.pac file.
http://www.smoothwall.org/about/feature-comparison-chart/