Cloud or Web Hybrid endpoint client not applying policy specific PAC file
- Article Number: 000005168
- Products: Forcepoint One Endpoint, Forcepoint Web Security, Forcepoint Web Security Cloud, Forcepoint Web Security Endpoint, Forcepoint Web Security Endpoint Cloud, TRITON AP-ENDPOINT Web, TRITON AP-WEB, Web Security Gateway Anywhere
- Version: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7, 7.6, 7.5, 19, 18
- Last Published Date: October 14, 2019
Notes & Warnings
To assure proper behavior, your firewall should allow ports 80, 443 and 8080 through 8100 to the Cloud Service cluster IP addresses.
Ports to open:
I installed endpoint client for Web filtering and end users receive the default PAC file. As a result, they do not obtain my custom non-proxied destination list. Why is endpoint not receiving my customer specific PAC file?
There can be several reasons for this behaviour.
By default, the cloud proxy does not accept the authentication details provided by Endpoint Client when the end user is browsing from a non-domain computer. If a customer requires that non-domain users are able to access the internet through the cloud proxy, please enable the custom template 'Allow endpoint non-domain users' for all policies, and ensure that the 'apply to future policies' box is also ticked. Logging in with cached domain credentials is supported.
This parameter uniquely identifies a specific customer's Cloud account. If not supplied during installation, endpoint cannot identify the specific Cloud account. To correct this problem, uninstall and then reinstall endpoint client. For example, an installation command looks like the following:
msiexec /package "\\path\Websense Endpoint.msi" /quiet /norestart WSCONTEXT=xxxx
The end user may not have synchronized correctly with Cloud services during endpoint installation. The user may not have correctly associated with your unique customer account. In this case, instead of seeing a policy specific PAC file, they receive the default PAC file. To correct this problem, uninstall endpoint. When reinstalling, ensure the user installing endpoint is synced to the Cloud, then run the installer again.
Verify connectivity on the Cloud service proxy on ports 8081 and 8082.
If your connection is refused, you need to open up a port on your firewall.