PAC Files for device Failover

My company has purchased two Smoothwall Guardian web filters.  Setup has been pretty straight forward, and we have one replicating to another one for failover.  

We use a PAC file via group policy for a proxy redirect thru the primary device.  Right now the PAC file is imbedded on the primary device, but this is where the documentaion gets thin.  MY understanding is that in order for failover to occur, some logic needs to be put in place within the PAC file to redirect traffic to the secondary if it should become unavailable.  

So my questions are, what would the entries in the PAC file be to redirect to the secondary device if the primary was unavailable, and being that the current policy directs to the primary device via "http://address of primary/proxy.pac", wouldn't the PAC file have to now be in an external location in order to function properly?
Who is Participating?
kevinhsiehConnect With a Mentor Commented:
There are two issues that we may be getting confused. The first is the location of the proxy.pac file itself. The file must be on a web server(s). It seems to me that your Smoothwalls are hosting your proxy.pac file, because you say that "Right now the PAC file is imbedded on the primary device". Since your gateways support HA, I imagine that the same file can be put on the second gateway, and that the clients would be able to get the file from either gateway using the same URL, because the gateways should share an IP address. When I was using a proxy.pac file I put a copy onto each member of a Windows NLB cluster running IIS, so the file should always be available as long as the cluster was available.

The proxy.pac file itslef supports using multiple proxy servers, and I gave the syntax above. That said, since your gateways should be in a HA configuration sharing the same IP address, they will look like a single device on the network and you should not need to do anything special to the file.

I have no experience with Smoothwall. If you need more help, I suggest you contact their technical support since you are paying for it, and they will know how to best setup for your environment.
The proxy.pac file can return multiple proxy servers.

return "PROXY; PROXY";

However, according to the web site, you should be able to run in a HA active/passive configuration where the two devices appear as one to the network clients, so they would only need to be configured for one proxy, and you should only need to point to 1 location for the proxy.pac file.
gunscheeAuthor Commented:
For the example "return "PROXY; PROXY";: , would this be put on a network share?  If so, how would you call it?  The policy for IE seems to want a URL for the entry.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.