PAC Files for device Failover

Posted on 2012-08-10
Last Modified: 2012-09-05
My company has purchased two Smoothwall Guardian web filters.  Setup has been pretty straight forward, and we have one replicating to another one for failover.  

We use a PAC file via group policy for a proxy redirect thru the primary device.  Right now the PAC file is imbedded on the primary device, but this is where the documentaion gets thin.  MY understanding is that in order for failover to occur, some logic needs to be put in place within the PAC file to redirect traffic to the secondary if it should become unavailable.  

So my questions are, what would the entries in the PAC file be to redirect to the secondary device if the primary was unavailable, and being that the current policy directs to the primary device via "http://address of primary/proxy.pac", wouldn't the PAC file have to now be in an external location in order to function properly?
Question by:gunschee
    LVL 41

    Expert Comment

    The proxy.pac file can return multiple proxy servers.

    return "PROXY; PROXY";

    However, according to the web site, you should be able to run in a HA active/passive configuration where the two devices appear as one to the network clients, so they would only need to be configured for one proxy, and you should only need to point to 1 location for the proxy.pac file.

    Author Comment

    For the example "return "PROXY; PROXY";: , would this be put on a network share?  If so, how would you call it?  The policy for IE seems to want a URL for the entry.
    LVL 41

    Accepted Solution

    There are two issues that we may be getting confused. The first is the location of the proxy.pac file itself. The file must be on a web server(s). It seems to me that your Smoothwalls are hosting your proxy.pac file, because you say that "Right now the PAC file is imbedded on the primary device". Since your gateways support HA, I imagine that the same file can be put on the second gateway, and that the clients would be able to get the file from either gateway using the same URL, because the gateways should share an IP address. When I was using a proxy.pac file I put a copy onto each member of a Windows NLB cluster running IIS, so the file should always be available as long as the cluster was available.

    The proxy.pac file itslef supports using multiple proxy servers, and I gave the syntax above. That said, since your gateways should be in a HA configuration sharing the same IP address, they will look like a single device on the network and you should not need to do anything special to the file.

    I have no experience with Smoothwall. If you need more help, I suggest you contact their technical support since you are paying for it, and they will know how to best setup for your environment.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Suggested Solutions

    This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now