SEP/SES "PAC File Mode" Traffic Redirector End-of-Life
search cancel

SEP/SES "PAC File Mode" Traffic Redirector End-of-Life


Article ID: 272251


Updated On:


Endpoint Security Cloud Secure Web Gateway - Cloud SWG Endpoint Protection


Effective October 1, 2023, the "PAC File Mode" traffic redirection feature in Symantec Endpoint Protection (SEP) and Symantec Endpoint Security (SES) will transition to end-of-life (EOL) status.

The PAC File Mode integration allows SEP and SES to act as limited traffic redirector agents for Cloud SWG.  This technology has been replaced by our more capable Tunnel Mode technology which is available in the "Web and Cloud Access Protection" policy of SEP and SES. We strongly recommend that you begin the process of migrating PAC File mode users to Tunnel Mode to avoid loss of log data.


Effective October 1, 2023

  • PAC File Mode will no longer be supported
  • Any PAC File Mode traffic generated after October 1, 2023  will be subject to: 
     - A generic policy that protects against anti-malware only (your policy will not be applied)
     - Transaction logs will no longer be visible or downloadable

Additional Information

About Tunnel Mode
Customers who use the PAC File redirection method should plan to switch to Web and Cloud Access Protection Tunnel Mode before October 1, 2023.  The recommended minimum versions are 14.3 RU5 or above for Windows, and 14.3 RU6 or above for macOS.

Tunnel Mode provides better reliability, security, and value: 

  • Secures data in motion by establishing a secure tunnel from the endpoint to the nearest Cloud SWG data center
  • Handles traffic redirection for all ports, all protocols, and applications, including those that are not proxy-aware
  • Provides robust single sign on capabilities including SAML authentication
  • Supports additional cloud components including Cloud Firewall and ZTNA
  • Can be remotely disabled, reconnected and blocked via the Cloud SWG admin portal
  • Tamper proof
  • Can ignore traffic generated by defined application executables
  • CASB block notifications for real-time user coaching

About PAC File Mode

  • Previously referred to as SEP "WTR" (Web Traffic Redirection)
  • First available in SEP 14.0.1 MP1
  • Supports traffic redirection for traffic on TCP ports 80/443 for proxy-aware applications only
  • Can be affected by third party software such as AD policies
  • In certain cases, transactions generated by PAC File Mode will not be logged
  • Will be removed in a future SEP / SES release, and will be excluded from subsequent releases moving forward

The security of your organization is our highest priority, which is why it is important that you adopt our most current redirector technology which provides robust protection against emerging threats and environmental changes.

If you have any questions about how to adopt Web and Cloud Access Tunnel Mode, contact technical support by visiting:

For service status and maintenance updates visit and subscribe to Broadcom Service Status: