: Prisma Access PAC File Endpoint for Explicit Proxy
Focus
Focus

Prisma Access PAC File Endpoint for Explicit Proxy

Table of Contents

Prisma Access PAC File Endpoint for Explicit Proxy

Prisma Access now hosts the proxy auto-configuration (PAC) file at a Palo Alto Networks URL.
Palo Alto Networks will begin rolling out a new endpoint for the Proxy Auto-Configuration (PAC) file used for Explicit Proxy to make it easier for you to enable access to PAC files. This new endpoint is hosted by Palo Alto Networks instead of the current AWS S3 endpoint. When you modify the PAC file after September 1, 2023, you will see the PAC File URL with the updated endpoint.
No immediate action is required if you are using PAC file directly, as you can continue to use the current AWS S3-based PAC File URL until Mar 31, 2024. We suggest migrating to use the PAC file URL with updated endpoint before March 31, 2024 at your convenience.
If you are using GlobalProtect in proxy Mode or tunnel and proxy mode and you don’t allow your devices to access all domains under prismaaccess.com (for example, because of a third-party VPN split tunnel or firewall rule), please allow your devices to access the PAC file endpoint (store.swg.prismaaccess.com) to avoid interruptions. Alternatively, you can override the PAC File URL in the Global Protect App Settings to use the S3-based PAC file URL until you are able to make changes to allow access to the new endpoint. Please migrate to new endpoint before March 31, 2024.
Please refer to the PAC file guidelines for additional information, including IP addresses that you need to allow on your endpoints so that they can reach the PAC file at the new URL.
After the PAC file updates, if you want to refer to the previous URL, you can replace the FQDN of the new URL with the previous one. The exact FQDN that you use depends on whether you have changed your PAC file after Prisma Access 4.1. For example:
New URLPrevious URL
https://pac-files-us-west-2-prod.s3.us-west-2.amazonaws.com/<tenant-id>/<uuid>.pac
OR
https://pac-files-prod.s3.us-west-2.amazonaws.com/<tenant-id>/<uuid>.pac
<tenant-id> and <uuid> remain the same across URLs.