KB Article | Forcepoint Support

Notes & Warnings

For information on sending WPAD via GPO for users, see How to set advanced settings in Internet Explorer by using Group Policy Objects.

Problem Description

How do I configure WPAD on my network for Content Gateway?

Resolution

The wpad.dat file can be configured in the Content Gateway Manager:
  1. Go to Configure > Content Routing > Browser Auto-Config > WPAD.
  2. Go to Configure > Networking > ARM to configure ARM.
  3. Under Network Address Translation (NAT),  click Edit.
  4. Fill out the fields for the ipnat.conf file:
    1. Ethernet Interface: The network interface that receives browser WPAD requests (for example, eth1 or eth0).
    2. Connection Type: tcp
    3. Source IP field: The IP address of the Websense Content Gateway server that will be resolved to the WPAD server name by the local name servers followed by /32 (for example, 10.0.0.1/32).
    4. Source Port: 80
    5. Destination IP: The same IP address you entered in the Source IP field but omit /32.
    6. Destination Port: 8083
User-added image
  1. Click Add.
  2. Once created, make sure the new rule is highlighted in the top left box and use the arrow buttons at the top left to move the rule to the top of the list.
  3. Click Apply. You will be warned that a restart is required.
  4. Back in Content Gateway > Networking > ARM, click refresh on the list to see the change. The new entry should be the first entry on the table as shown below.
  5. Once confirmed to be correct, restart the Content Gateway under Configure > My Proxy > Basic > General.
User-added image
A sample PAC file for WPAD:
function FindProxyForURL(url, host)
   {
      if (isPlainHostName(host) || dnsDomainIs(host,".company.com"))
         return "DIRECT";
      else
         return "PROXY myproxy.company.com:8080; DIRECT";
   }
Additional configurations on the network are needed for WPAD to work.  You can configure DHCP or DNS for automatic discovery.

Note If both are configured and DHCP fails, then DNS will take over.

For additional information on configuring your network (DHCP or DNS) for WPAD, review TechNet article Automatic Discovery for Firewall and Web Proxy Clients.

Testing WPAD
  1. In the browser, type http:// <WCG proxy>:8083.
    1. You should be able to download the wpad.dat file.
  2. When running a packet capture, you should be able to see a GET request to wpad.dat:
WPAD

Article Feedback



Thank you for the feedback and comments.