JFYI: Firefox, proxy and fwd-pac

Hello all,

just one thing we ran into and it took me a little bit to find the root cause and I just was not aware of that.

General setup:

  1. Firefox on client side, user is able to configure proxy settings individually (here: no proxy)
  2. Zscaler Mobile portal: switch “Enable Firefox Integration” was set to off
  3. fwd pac contains config for specific URLs to be redirected to a forward proxy in Azure (via ZPA)
  4. ZCC with LWF and Tunnel 2.0

In this case the fwd pac file will never be pulled and evaluated by Firefox. You have to either configure firefox proxy settings to use “system proxy” or you need to set the switch mentioned in 2) to “on”. I got gray hair because the user “forgot” to mention that he uses Firefox and I did not understand why the traffic was not redirected for this particular user. My thinking error was simply: “Hey, all traffic goes into the tunnel anyway (because of tunnel 2.0) and the app should be able to handle that”.

If you think about it a bit, it’s perfectly clear and it is also described “somehow” in Zscaler help:

The Forwarding Profile PAC file is used to direct system, browser, and application traffic to Zscaler Client Connector. When Zscaler Client Connector receives traffic, the App Profile is used to direct that traffic to the Zscaler cloud.

But in day-to-day business, sometimes you just don’t have enough time to think of the obvious. So, again learned something and someone might find this info useful… :slight_smile: