When connecting using the Endpoint Security Client, I am receiving a proxy PAC file from the DC. While I have modified the PAC file to allow my VPN subnet to go direct, this isn't working as expected. I am able to access all internal resources but cannot browse the internet; disabling the PAC file works straight away.
Here is a snippet of the PAC file:
function FindProxyForURL(url, host) {
    // our local URLs from the domains below example.com don't need a proxy:
    if (dnsDomainIs(host, "*.office.com")) return "DIRECT";
    if (dnsDomainIs(host, "*.office365.com")) return "DIRECT";
    if (dnsDomainIs(host, "*.teams.microsoft.com")) return "DIRECT";
    if (dnsDomainIs(host, "*.lync.com")) return "DIRECT";
    if (dnsDomainIs(host, "*.broadcast.skype.com")) return "DIRECT";
    if (dnsDomainIs(host, "*.skypeforbusiness.com")) return "DIRECT";

    // If the requested website is hosted within the internal network, send direct.
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "172.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
        return "DIRECT";

    // subnet, send to a specific proxy.
    if (isInNet(myIpAddress(), "172.16.0.0", "255.255.255.0"))
        return "DIRECT";

    // Proxy Addresses
    return "PROXY 10.0.0.1:8080";
}
While this is not a Check Point issue, I would like to know if it is possible to tell the firewall or Endpoint Security Client to block the PAC file from being downloaded and installed on the client machine.
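
Added example, not part of the original post: a small Node.js harness that replays the posted rules offline and reports which rule decides each lookup, so the file can be checked before it is distributed. The helper functions are re-implemented here from the commonly documented PAC semantics, and the DNS table, host names and client addresses are constructed sample data.

```javascript
// Added example: offline harness for the PAC rules quoted in the post.
// Helpers follow the commonly documented PAC semantics; DNS answers and
// client addresses are constructed sample data.
const toInt = ip => ip.split(".").reduce((n, o) => (n << 8 | Number(o)) >>> 0, 0);

function globToRegExp(glob) {
  const escaped = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$");
}

function makePacEnv(dnsTable, clientIp) {
  return {
    isPlainHostName: h => !h.includes("."),
    // Plain suffix comparison: "*" is a literal character, not a wildcard.
    dnsDomainIs: (h, d) => h.endsWith(d),
    shExpMatch: (s, glob) => globToRegExp(glob).test(s),
    dnsResolve: h => dnsTable[h] || null,
    myIpAddress: () => clientIp,
    isInNet: (ip, net, mask) =>
      ip !== null && (toInt(ip) & toInt(mask)) === (toInt(net) & toInt(mask)),
  };
}

// Same rules and order as the posted file; returns [result, deciding rule].
function evaluate(host, env) {
  const direct = why => ["DIRECT", why];
  const domains = ["*.office.com", "*.office365.com", "*.teams.microsoft.com",
                   "*.lync.com", "*.broadcast.skype.com", "*.skypeforbusiness.com"];
  for (const d of domains) if (env.dnsDomainIs(host, d)) return direct("dnsDomainIs " + d);
  if (env.isPlainHostName(host)) return direct("plain host name");
  if (env.shExpMatch(host, "*.local")) return direct("*.local");
  const ip = env.dnsResolve(host);
  const nets = [["10.0.0.0", "255.0.0.0"], ["172.0.0.0", "255.0.0.0"],
                ["192.168.0.0", "255.255.0.0"], ["127.0.0.0", "255.255.255.0"]];
  for (const [net, mask] of nets)
    if (env.isInNet(ip, net, mask)) return direct(`destination ${net}/${mask}`);
  if (env.isInNet(env.myIpAddress(), "172.16.0.0", "255.255.255.0"))
    return direct("client subnet");
  return ["PROXY 10.0.0.1:8080", "default"];
}

// Constructed lookups: one Office host, one internal host, two public hosts.
const dns = { "outlook.office.com": "203.0.113.10", "intranet.corp.example": "10.1.2.3",
              "www.example.org": "198.51.100.7", "cdn.example.net": "172.67.1.1" };
const onSubnet = makePacEnv(dns, "172.16.0.25");   // inside 172.16.0.0/255.255.255.0
const offSubnet = makePacEnv(dns, "172.16.5.25");  // outside that mask
for (const h of Object.keys(dns))
  console.log(h, evaluate(h, onSubnet), evaluate(h, offSubnet));
```

The second element of each result names the rule that fired, which shows whether a host went direct because of a domain rule, a destination network rule, or the client subnet rule.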