
    Network Connect Proxy Support

    Network Connect provides support for remote clients using a proxy server to access the Internet (and the SA Series Appliance via the Internet), as well as clients who do not need a proxy to access the Internet, but who access resources on an internal network through a proxy. Network Connect also provides support for clients accessing a Proxy Automatic Configuration (PAC) file that specifies client and SA Series Appliance proxy settings enabling access to Web applications.

    Note: The Network Connect client does not support the use of the MS Winsock proxy client. Please disable the MS Winsock proxy client before running the Network Connect client. For more information, see http://www.microsoft.com/windowsxp/using/mobility/expert/vpns.mspx.

    To address these varying methods of proxy implementation, Network Connect temporarily changes the proxy settings of the browser so that only traffic intended for the Network Connect session uses the temporary proxy settings. All traffic not intended for the Network Connect session uses the existing proxy settings.

    Note: The Network Connect client does not support the option to automatically detect proxy settings. You must choose to use either an automatic configuration script (PAC) or specify a proxy server. You cannot use both a proxy server and an automatic configuration script together. You can define one or the other at Users > Resource Policies > Network Connect > NC Connection Profiles > Select Profile > Proxy.

    Whether split-tunneling is enabled or disabled, the SA Series Appliance supports the following proxy scenarios:

    • Using an explicit proxy to access the SA Series Appliance
    • Using an explicit proxy to access internal Web applications
    • Using a PAC file to access the SA Series Appliance
    • Using a PAC file to access internal Web applications

    Please note the following exceptions:

    • The SA Series Appliance does not support redirect downloads and therefore does not support the redirecting of the internal PAC file download.
    • The SA Series Appliance’s dsinet client does not support SSL; you cannot obtain the internal PAC file from the SSL server.
    • The SA Series Appliance does not support “auto detect proxy”. If both static proxy and “auto proxy script (pac)” are defined, the SA Series Appliance uses the static proxy configuration.
    • The Network Connect profile does not have a static proxy exception field for internal proxy. If you require proxy exceptions, you can use a PAC file with proxy exception logic.
    • The Network Connect client supports “auto proxy script (pac)” only when the configuration is the PAC file URL. If the URL is a redirect URL or an IE proxy configuration script, it is not supported.
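
The exceptions above recommend a PAC file with proxy exception logic, because the Network Connect profile has no static exception field. The following is an added example, not part of the original documentation or the vendor's code; the proxy address, domain suffix and host names are constructed placeholders, and sending all non-internal traffic DIRECT is an assumption.

```javascript
// Added example PAC file (constructed values, not from the vendor documentation).
// ES3-only syntax so older browser PAC engines can parse it.
var INTERNAL_PROXY = "PROXY proxy.corp.example:8080";  // hypothetical internal proxy
var INTERNAL_SUFFIX = ".corp.example";                 // hypothetical internal DNS suffix
var DIRECT_HOSTS = ["intranet.corp.example", "sa.corp.example"]; // exact-match exceptions
var DIRECT_SUFFIXES = [".lab.corp.example"];           // whole-subdomain exceptions

// True only when host ends with suffix. Suffixes start with "." so the match
// falls on a label boundary: "evilcorp.example" does not match ".corp.example".
function hostEndsWith(host, suffix) {
  var start = host.length - suffix.length;
  return start >= 0 && host.lastIndexOf(suffix) === start;
}

// Normalize case and a trailing root dot so "Intranet.Corp.Example." is
// evaluated the same way as "intranet.corp.example".
function normalizeHost(host) {
  host = String(host).toLowerCase();
  if (host.charAt(host.length - 1) === ".") {
    host = host.substring(0, host.length - 1);
  }
  return host;
}

function isProxyException(host) {
  var i;
  if (host.indexOf(".") === -1) { return true; }  // unqualified names stay local
  for (i = 0; i < DIRECT_HOSTS.length; i++) {
    if (host === DIRECT_HOSTS[i]) { return true; }
  }
  for (i = 0; i < DIRECT_SUFFIXES.length; i++) {
    if (hostEndsWith(host, DIRECT_SUFFIXES[i])) { return true; }
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = normalizeHost(host);
  if (isProxyException(host)) { return "DIRECT"; }
  if (hostEndsWith(host, INTERNAL_SUFFIX)) { return INTERNAL_PROXY; }
  return "DIRECT";  // assumption: everything else bypasses the internal proxy
}
```

Given the exceptions listed above, a file like this has to be published at a plain HTTP URL that returns the PAC content directly, without a redirect.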

    When split-tunneling is enabled on the SA Series Appliance, Network Connect manages proxy settings in one of the following ways, depending on the method with which the proxy is implemented:

    • For remote clients using a proxy server to access the Internet, all HTTP requests generated by the browser and intended for the SA Series Appliance go through either an explicit proxy or a PAC file accessed by the remote client. Because the presence of an explicit proxy or access to a PAC file is already provisioned on the client-side, the client sets up the local, temporary proxy before attempting to establish a Network Connect session.
    • When a remote client accesses a pre-configured HTTP-based PAC file, the client cannot access the PAC file until after Network Connect establishes a session connection. After Network Connect establishes a connection, the client accesses the PAC file, includes the PAC file contents in the local, temporary proxy, and then refreshes the browser proxy setting.

    Published: 2011-03-14