wpad.dat not accepted on AsyncOS 10.1

ruben.omez · ‎02-03-2017

Hi all,

Currently facing following issue:

We deploy a new setup with a pair of WSA S390.

We have proxy autodiscovery enabled in our webbrowsers.

The WSA's are serving the default.pac to the clients.

In DHCP, we provide the http://<proxy-ip>/default.pac

In DNS, the WPAD entry contains the <proxy-ip>

Unfortunately, it seems impossible to host the wpad.dat on the WSA starting from version 10.x. The error message 'Invalid PAC format' appears...

So, clients falling back to DNS for WPAD (such as firefox), are unable to autodiscover the proxy settings.

According Cisco TAC, this is known behavior and pointed my atention to following case:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuh64055/?reffering_site=dumpcr

Is any of you aware of this limitation?

Do you know any workarounds?

Thanks.

ruben.omez · ‎02-03-2017

I believe this is the workaround:

WPAD Not Working With Firefox
Firefox browsers may not support DHCP lookup with WPAD. For current information, see
https://bugzilla.mozilla.org/show_bug.cgi?id=356831.
To use Firefox (or any other browser that does not support DHCP) with WPAD when the PAC file is
hosted on the Web Security appliance, configure the appliance to serve the PAC file through port 80.
Step 1 Choose Security Services > Web Proxy and delete port 80 from the HTTP Ports to Proxy field.
Step 2 Use port 80 as the PAC Server Port when you upload the file to the appliance.
Step 3 If any browsers are manually configured to point to the web proxy on port 80, reconfigure those browsers
to point to another port in the HTTP Ports to Proxy field.
Step 4 Change any references to port 80 in PAC files.

Tao Yang · ‎02-14-2017

It has been confirmed as a new defect in version 10.1.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd07663

Please rate or mark the question as answered if this helps.