AppGate and Automatic Proxy Settings.
Description:
Applying automatic proxy settings is useful and not that complicated to achieve. Warning: this could impact current user sessions.
You require a local Web server on the LAN that hosts a file called wpad.dat (and an identical file called proxy.pac) for clients to collect. This is a short file that is easy to configure.
Examples can be found here:
http://en.wikipedia.org/wiki/Proxy_auto-config
http://homepages.tesco.net./~J.deBoynePollard/FGA/web-browser-auto-proxy-configuration.html
The next step is to make sure the client machines know about it.
You can either use a DHCP option to give the URL of this file, or use a DNS name in the browser's configuration. We recommend the DHCP option method for full control. In a Microsoft DHCP server it is very simple to add extra DHCP options to a scope. (Please refer to Microsoft Help or your DHCP provider for more information.)
We at Appgate have tested this and found that a DHCP option must be set via the IP Tunnelling interface on the AppGate Security Server. This enables the client to change the settings when logged into the secure environment. During testing the URL used an IP address, http://192.168.1.111/proxy.pac (it can also use an FQDN such as proxy.appgate.local).
Adding DHCP options to the AppGate server takes some preparation. Before we can add the option we need to convert the URL for the proxy.pac into a hexadecimal string.
This is accomplished from the AppGate Server terminal with the 'od' command:
echo "http://proxy.appgate.local/proxy.pac" | od -x
0000000 68747470 3a2f2f70 726f7879 2e617070
0000020 67617465 2e6c6f63 616c2f70 726f7879
0000040 2e706163 0a00
0000045
Ignore the final 0a and any trailing zeroes. In this case that gives:
687474703a2f2f70726f78792e617070676174652e6c6f63616c2f70726f78792e706163
Now concatenate the following:
- "fc" (the DHCP option number, 252, in hex).
- One plus the length of the URL (36+1 with http://proxy.appgate.local/proxy.pac) written as two hexadecimal digits ("25" in this case, which is 37 in decimal).
- The hex string you got from od above.
- "00" (to terminate the string).
fc25687474703a2f2f70726f78792e617070676174652e6c6f63616c2f70726f78792e70616300
To set up IP Tunnelling with this option, do the following while logged in to a terminal session as root on the AppGate server:
ag_cfggetset -s ag_stated.dhcp_options '{ "fc25687474703a2f2f70726f78792e617070676174652e6c6f63616c2f70726f78792e70616300" }'
In order for this to take effect you need to restart ag_stated:
/etc/init.d/ag_stated restart
Restarting ag_stated in most cases causes the current AppGate connections to stop working, so take care if applying this to a production system.
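The construction of the option string described above can be scripted so that the length byte and terminator are not counted by hand, and the finished string can be decoded back to its URL before it is applied. This is an added example, not AppGate's own code: the function names build_opt252 and decode_opt252 are hypothetical, and it assumes a POSIX shell with od, tr and cut available.

```shell
#!/bin/sh
# Added example: build and check the DHCP option 252 hex string by script.
# build_opt252 and decode_opt252 are hypothetical helper names.

build_opt252() {
    # printf '%s' adds no trailing newline, and od -tx1 prints single bytes,
    # so the result does not depend on host byte order the way od -x does.
    hex=$(printf '%s' "$1" | od -An -tx1 | tr -d '[:space:]')
    len=$(( ${#hex} / 2 + 1 ))          # URL bytes plus the terminating 00
    if [ -z "$hex" ] || [ "$len" -gt 255 ]; then
        echo "URL is empty or too long for a one-byte length" >&2
        return 1
    fi
    printf 'fc%02x%s00\n' "$len" "$hex"
}

# Decode an option string back to its URL, so that what is about to be
# pushed to clients can be read and confirmed before ag_stated is restarted.
decode_opt252() {
    opt=$1
    case $opt in
        *[!0-9a-f]*) echo "not lowercase hex" >&2; return 1 ;;
        fc????*00)   ;;
        *)           echo "not an option 252 string" >&2; return 1 ;;
    esac
    declared=$(( 0x$(printf '%s' "$opt" | cut -c3-4) ))
    body=${opt#fc??}                    # URL bytes plus terminator
    if [ $(( ${#body} % 2 )) -ne 0 ] || [ $(( ${#body} / 2 )) -ne "$declared" ]; then
        echo "length byte does not match payload" >&2
        return 1
    fi
    body=${body%00}
    while [ -n "$body" ]; do
        byte=${body%"${body#??}"}       # first two hex digits
        body=${body#??}
        printf "\\$(printf '%03o' "0x$byte")"
    done
    echo
}

# URL taken from the article
opt=$(build_opt252 "http://proxy.appgate.local/proxy.pac")
echo "$opt"
decode_opt252 "$opt"
```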