Custom PAC file import fails on Endpoint Protection Manager
Article ID: 191145
Updated On:
Products
Endpoint Protection
Issue/Introduction
The following error is displayed after selecting a custom Proxy Auto Configuration (PAC) file to import into the WSS Traffic Redirection settings in an Integrations policy for Symantec Endpoint Protection (SEP) 14.3 or higher:
"The custom PAC file does not follow the standard format. Check the help for format requirements."
Environment
Symantec Endpoint Protection 14.3
Cause
This error can have several causes. The most common causes are:
- The file selected is not a PAC file
- There are syntax errors in the selected PAC file
- The PAC file has not been properly tokenized
- The PAC file does not include a return statement for localhost
Resolution
Since this error can have multiple causes, try all of the following solutions until the PAC file import is successful.
Confirm the PAC file syntax is valid
The Symantec Endpoint Protection Manager (SEPM) validates the syntax of the PAC file before allowing it to be imported. Use a PAC file checking utility to confirm the PAC file syntax is valid. See Verify a Proxy Auto Configuration file using Web Security Service PAC File Management to learn how to verify a PAC file using the PAC file checker built into the Web Security Service (WSS).
Tokenize the PAC file
To prevent clients from receiving a PAC file that references an incorrect port for the Local Proxy Service (LPS), the SEPM looks for the token "<<port>>", and replaces this with the correct LPS port as configured in the Integrations policy. Confirm any references to the LPS port in the PAC file are replaced with "<<port>>" instead of the actual numerical value for the LPS port. For example:
The Symantec Endpoint Protection Manager (SEPM) validates the syntax of the PAC file before allowing it to be imported. Use a PAC file checking utility to confirm the PAC file syntax is valid. See Verify a Proxy Auto Configuration file using Web Security Service PAC File Management to learn how to verify a PAC file using the PAC file checker built into the Web Security Service (WSS).
Tokenize the PAC file
To prevent clients from receiving a PAC file that references an incorrect port for the Local Proxy Service (LPS), the SEPM looks for the token "<<port>>", and replaces this with the correct LPS port as configured in the Integrations policy. Confirm any references to the LPS port in the PAC file are replaced with "<<port>>" instead of the actual numerical value for the LPS port. For example:
return 'PROXY localhost:<<port>>';
Reference localhost
The SEPM requires the PAC file to reference localhost. If the PAC file is configured to point clients to the loopback interface by IP address (127.0.0.1, or ::1), the SEPM will not import the PAC file. Review the PAC file and ensure the file references the loopback interface by hostname (localhost) and not by IP address (127.0.0.1, ::1).
Feedback
Yes
No
Powered by
