Bypass proxy.pac for VPN connections

Posted on 2014-03-07
Medium Priority
Last Modified: 2014-03-18
Hello everyone,

In one of our customers environments we use a proxy.pac for automatic proxy configuration. The pac file is distributed to Internet Explorer configuration using Group Policy.

Now the Problem is that a lot of users complain about very slow internet connections when working while connect via VPN (Checkpoint). The Checkpoint policy is not defined to route all network traffic through the VPN tunnel. Normaly browsing the web would be handled solely by the clients local internet connection and not through the company network.

The problem itself sounds reasonable since the Browser is able to reach the Proxy.pac and has to go through all the lines of code in it every time a web page loads.

So the question is. Is there a preferably easy way to get the client to recognize wether it's preferable to use the proxy.pac file (while inside the company net) or it's total nonsens (VPN)

Thanks in advance for any advice.

Best Regards,

Question by:eSourceONE
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 62

Expert Comment

ID: 39913137
You can replace proxy.pac with dynamic script that hands out return DIRECT to dialin users...
LVL 57

Expert Comment

ID: 39914037
Depending on how the VPN connection appears you should be able to code the proxy.pac file in a way to detect that there is a VPN interface (IP address/subnet) and return DIRECT and the code can go at the beginning of the pac file so you don't go through the whole pac file.
LVL 62

Expert Comment

ID: 39914331
MyIpAddress() sometimes picks user's public adress, sometimes virtualbox/vmware/virtualpc adapter etc...
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

LVL 57

Accepted Solution

giltjr earned 1500 total points
ID: 39914655
I can't remember how I did it, but I know I did not use MyIpAddress().  As gheist stated, that was unreliable.

However since you mentioned Checkpoint and VPN, not sure of your setup, but it looks like the VPN client may have a solution:


Search on "Windows Proxy Replacement"
LVL 62

Expert Comment

ID: 39914731
Since PAC file is retrieved without proxy you and always plant address retrieving the file in it.... (and sorry if I get annoying with trying to convince you to follow me with dynamic script)

Author Closing Comment

ID: 39937069
The proxy.pac Checkpoint creates is a little awkward since it reveals the internal network in plain text while a simple "return direct" would have also done the trick.

Nevertheless this solution's proved to be acceptable by our customer.

Thanks for the help!
LVL 57

Expert Comment

ID: 39937120
Thanks for the points.

I did go back and find my proxy.pac file.  As it turns out I did use MyIpAddress(), but it was a "not" check.

If MyIpAddress() was not in the subnet used for desktops in the office, you went direct.

The only issue we ever had was one person decided to setup their home network to use the same IP subnet that we used for desktops at work.

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question