Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3083
  • Last Modified:

Bypass proxy.pac for VPN connections

Hello everyone,

In one of our customers environments we use a proxy.pac for automatic proxy configuration. The pac file is distributed to Internet Explorer configuration using Group Policy.

Now the Problem is that a lot of users complain about very slow internet connections when working while connect via VPN (Checkpoint). The Checkpoint policy is not defined to route all network traffic through the VPN tunnel. Normaly browsing the web would be handled solely by the clients local internet connection and not through the company network.

The problem itself sounds reasonable since the Browser is able to reach the Proxy.pac and has to go through all the lines of code in it every time a web page loads.

So the question is. Is there a preferably easy way to get the client to recognize wether it's preferable to use the proxy.pac file (while inside the company net) or it's total nonsens (VPN)

Thanks in advance for any advice.

Best Regards,

Lars
0
eSourceONE
Asked:
eSourceONE
  • 3
  • 3
1 Solution
 
gheistCommented:
You can replace proxy.pac with dynamic script that hands out return DIRECT to dialin users...
0
 
giltjrCommented:
Depending on how the VPN connection appears you should be able to code the proxy.pac file in a way to detect that there is a VPN interface (IP address/subnet) and return DIRECT and the code can go at the beginning of the pac file so you don't go through the whole pac file.
0
 
gheistCommented:
MyIpAddress() sometimes picks user's public adress, sometimes virtualbox/vmware/virtualpc adapter etc...
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
giltjrCommented:
I can't remember how I did it, but I know I did not use MyIpAddress().  As gheist stated, that was unreliable.

However since you mentioned Checkpoint and VPN, not sure of your setup, but it looks like the VPN client may have a solution:

https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/14156.htm

Search on "Windows Proxy Replacement"
0
 
gheistCommented:
Since PAC file is retrieved without proxy you and always plant address retrieving the file in it.... (and sorry if I get annoying with trying to convince you to follow me with dynamic script)
0
 
eSourceONEAuthor Commented:
The proxy.pac Checkpoint creates is a little awkward since it reveals the internal network in plain text while a simple "return direct" would have also done the trick.

Nevertheless this solution's proved to be acceptable by our customer.

Thanks for the help!
0
 
giltjrCommented:
Thanks for the points.

I did go back and find my proxy.pac file.  As it turns out I did use MyIpAddress(), but it was a "not" check.

If MyIpAddress() was not in the subnet used for desktops in the office, you went direct.

The only issue we ever had was one person decided to setup their home network to use the same IP subnet that we used for desktops at work.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now