Configuring PAC file for selecting a different Datacenter

Hi everyone!
As you know, some websites are blocked when trying to access them from another country.
We are trying to add something like that in our PAC file (based on Tunnel-2 profile):

if (((dnsDomainIs(host, “onedomain.com”)) ||
(dnsDomainIs(host, “.seconddomain.com”)) ||
(dnsDomainIs(host, “.thirddomain.com”)))
return “PROXY den3.sme.zscaler.net:80; PROXY dfw1-2.sme.zscaler.net:80”;

First option Denver and second Dallas (for example).
We applied it in a test user but it doesn’t work. Any thoughts? What are we missing?

Thank you!

Hi Isaac,
this can achieve using two PAC file configurations, one in forwarding profile and another in app profile.
Above statements should be on the app profile.
whereas the forwarding profile PAC should have below statements,

if (
dnsDomainIs(host, “onedomain.com”) ||
dnsDomainIs(host, “.seconddomain.com”) ||
dnsDomainIs(host, “.thirddomain.com”))

return “PROXY ${ZAPP_TUNNEL2_BYPASS}”;

/* Default Traffic Forwarding. Return DIRECT to tunnel using Tunnel2 */
return “DIRECT”;
}

I have same set of configuration and its working as expected.

1 Like

Hi Ramesh,
Thanks again, working as expected!

1 Like

I recommend against hard coding specific proxy names into your PAC as this reduces the ability for Zscaler to fail users over to another node and creates work when nodes are getting replaced. To resolve country specific issues, Zscaler has a variable which will automatically assign the device to the closest proxy within their own country:
example: return “PROXY ${COUNTRY_GATEWAY_FX}:443; PROXY ${COUNTRY_SECONDARY_GATEWAY_FX}:443”;

More info: Writing a PAC File | Zscaler

1 Like

We may not apply all recommendations, but look the possibilities of applying the recommendations.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.