Configure a PAC File on AWS WorkSpace Clients
Focus
Focus
Prisma Access

Configure a PAC File on AWS WorkSpace Clients

Table of Contents

Configure a PAC File on AWS WorkSpace Clients

Using a PAC file is one method of securing internet traffic from AWS WorkSpaces.
One method of securing internet traffic from Amazon WorkSpaces is by using a proxy auto-configuration (PAC) file. A PAC file is JavaScript code that tells a web browser how to connect to a proxy server. Enterprise environments employ PAC files to control web traffic and enforce Security policy rules. A web server usually stores the PAC file, and the web browser downloads the PAC file when it starts up.
  1. If you have not already, set up Prisma SASE Explicit Proxy.
    You can either host a PAC file in Prisma SASE or the web server. Verify the PAC server is reachable from WorkSpace clients by accessing the PAC URL using a web browser.
  2. Customize the Prisma SASE Explicit Proxy PAC file to update the Proxy FQDN and to define exclusions.
    1. From Strata Cloud Manager, select WorkflowsPrisma Access SetupExplicit ProxyForwarding Rules
      .
    2. Edit the PAC file according to the PAC file guidelines.
  3. Install the certificate on the AWS WorkSpace client to apply user-based policy rules, traffic inspection, and reporting.
    This will allow the WorkSpace client to communicate with Prisma SASE Explicit Proxy.
  4. Configure the PAC file on AWS WorkSpace.
    The way that you do this depends on the browser you using.
    • Google Chrome:
      1. Open Chrome.
      2. Select the three dots in the upper right corner of the window.
      3. Select Settings.
      4. Select Advanced.
      5. Under System, select Open proxy settings.
      6. In the Local Area Network (LAN) Settings window, select Use automatic configuration script.
      7. In the Address field, enter the URL of your PAC file.
      8. Select OK to save your changes.
    • Firefox
      1. Open Firefox.
      2. Select the three lines in the upper right corner of the window.
      3. Select Options.
      4. Select Advanced.
      5. In Network, select Settings.
      6. In the Connection Settings window, select Automatic proxy configuration URL.
      7. In the URL field, enter the URL of your PAC file.
      8. Select OK to save your changes.
    When you have applied the PAC file, Chrome and Firefox will use it to determine which proxy server to use for each website.
  5. Restart the AWS WorkSpace browser.
    After the WorkSpace browser restarts, it will pick up the new PAC file and start routing traffic through the Prisma SASE proxy.
  6. Test and verify the traffic flow.
    Once you have configured the WorkSpace clients to use the Prisma SASE Explicit Proxy, you can test the traffic flow by validating the certificate in the browser and viewing logs on Prisma Access.
    1. If using Google Chrome, select the padlock in the address bar.
      1. Select Connection is secure.
      2. Select Certificate is valid.
      3. Verify the correct certificate details that appear in the pop-up.
    2. If using Safari, select the padlock icon in the address bar.
      1. Select Connection secure.
      2. Select More information.
      3. Select View Certificate.
      4. Verify the correct certificate details that appear in the pop-up.