Setup proxy PAC file for Citrix SSO for iOS or macOS

Citrix SSO supports Auto Proxy Config(proxy PAC file) after the VPN tunnel establishment. Admins can use the proxy PAC file to allow all the client’s HTTP traffic to go through a proxy, including resolving host names.

How to set up a proxy PAC file

Have an internal machine that can host a proxy file. For example, consider that the IP of the machine is 172.16.111.43 and the name of the PAC file is proxy.pac.

If the IP address of the actual proxy server is 172.16.43.83 which is listening on port 8080, then a sample of proxy.pac is as follows: function FindProxyForURL(url, host) { return “PROXY 172.16.43.83:8080”; }

The proxy PAC URL is http://172.16.111.43/proxy.pac. Assuming that the file is hosted on port HTTP port 80.

For more details, see https://support.citrix.com/article/CTX224235 or Proxy Auto Configuration for Outbound Proxy support for NetScaler Gateway.

Note:

  • If Split Tunnel is ON, then make sure that the IP address of the server hosting the PAC file is included in the intranet applications list so that it is reachable through VPN.
  • After logging in from Citrix SSO, the browsers start to use the rules from the proxy PAC file. If only one proxy rule is provided as in the previous example, then all HTTP or HTTPS traffic is routed to the internal proxy server.
Setup proxy PAC file for Citrix SSO for iOS or macOS