Explicit Proxy with Third-Party VPNs
Focus
Focus
Prisma Access

Explicit Proxy with Third-Party VPNs

Table of Contents

Explicit Proxy with Third-Party VPNs

Learn how to use Prisma Access Explicit Proxy with third-party VPNs.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • Prisma Access license
To use third-party VPNs with Explicit Proxy, you have be able to make the following changes in your network:
  • You must configure your third-party VPN to perform split tunneling to direct internet traffic to Explicit Proxy.
    For any assistance with configuring your third-party VPN, contact your third-party VPN vendor.
  • modify the PAC file to have Explicit Proxy bypass any of the following VPN components:
    • Any IP addresses associated with the third-party VPN
    • Any login URLs required for the third-party VPN
In the following example, you configured the PAC file so that Explicit Proxy bypasses internal resources using private IP addresses, as well as authentication traffic flows.
++++++++++++++++ function FindProxyForURL(url, host) { if (isPlainHostName(host) || shExpMatch(host, "*.local") || isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") || isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0")) return "DIRECT"; /* Bypass SAML for AnyConnect Azure */ if (shExpMatch(host, "login.microsoftonline.com")) return "DIRECT"; if (shExpMatch(host, "login.windows.net")) return "DIRECT"; if (shExpMatch(host, "login.microsoft.com")) return "DIRECT"; /* Forward to Prisma Access */ return "PROXY example.proxy.prismaaccess.com:8080"; }