PAC Files for device Failover

Posted on 2012-08-10
Medium Priority
Last Modified: 2012-09-05
My company has purchased two Smoothwall Guardian web filters.  Setup has been pretty straight forward, and we have one replicating to another one for failover.  

We use a PAC file via group policy for a proxy redirect thru the primary device.  Right now the PAC file is imbedded on the primary device, but this is where the documentaion gets thin.  MY understanding is that in order for failover to occur, some logic needs to be put in place within the PAC file to redirect traffic to the secondary if it should become unavailable.  

So my questions are, what would the entries in the PAC file be to redirect to the secondary device if the primary was unavailable, and being that the current policy directs to the primary device via "http://address of primary/proxy.pac", wouldn't the PAC file have to now be in an external location in order to function properly?
Question by:gunschee
  • 2
LVL 42

Expert Comment

ID: 38283975
The proxy.pac file can return multiple proxy servers.

return "PROXY proxy1.example.com:8080; PROXY proxy2.example.com:8080";


However, according to the web site, you should be able to run in a HA active/passive configuration where the two devices appear as one to the network clients, so they would only need to be configured for one proxy, and you should only need to point to 1 location for the proxy.pac file.


Author Comment

ID: 38292468
For the example "return "PROXY proxy1.example.com:8080; PROXY proxy2.example.com:8080";: , would this be put on a network share?  If so, how would you call it?  The policy for IE seems to want a URL for the entry.
LVL 42

Accepted Solution

kevinhsieh earned 2000 total points
ID: 38320749
There are two issues that we may be getting confused. The first is the location of the proxy.pac file itself. The file must be on a web server(s). It seems to me that your Smoothwalls are hosting your proxy.pac file, because you say that "Right now the PAC file is imbedded on the primary device". Since your gateways support HA, I imagine that the same file can be put on the second gateway, and that the clients would be able to get the file from either gateway using the same URL, because the gateways should share an IP address. When I was using a proxy.pac file I put a copy onto each member of a Windows NLB cluster running IIS, so the file should always be available as long as the cluster was available.

The proxy.pac file itslef supports using multiple proxy servers, and I gave the syntax above. That said, since your gateways should be in a HA configuration sharing the same IP address, they will look like a single device on the network and you should not need to do anything special to the file.

I have no experience with Smoothwall. If you need more help, I suggest you contact their technical support since you are paying for it, and they will know how to best setup for your environment.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question