1st cup o coffee - network state change>launchagent>script that checks IP range> does a proxy thing

Depends on how quickly the things needs to be done. Jamf runs policies based on information Jamf Pro has. You can set a policy to run once a device reports it has your internal IP addresses simply enough. However, there will still be a 7-23 minute delay on the policy running as there is a time skew on the device checking in to Jamf to update inventory which is what queues the policies to run. This is a two-way street, when they get home and are no longer on a corp network it will take another 7-23 minutes for the thing to happen to undo the setting.

Honesty, you need to be configuring policies with a network security client on the network side or a VPN client (or similar) on the device side if you need it to be dynamic and flexible. 

LaunchAgent to run script like @efil4xiN with network change and can try using Network Locations (networksetup --switchtolocation)

I have this exact need as well. I need to apply an automatic proxy configuration (pac file url) when connected in the office or on wireless 8021x in the office. 

Did anyone end up with a solution on this issue?

I’m still trying to solve this issue. Did you get anywhere with it?

Hey mate - I have a solution. I’ve documented it here: https://bygeorge.io/proxy-automation-simplified-introducing-proxymon/

While it won’t be suitable for every scenario it does seem to work pretty well for me. It will go and essentially check if a hostname is reachable (an internal one ) and if it is, then it will set the pac file on all interfaces. If it’s not, then it will remove the pac file from all interfaces. 

I tried to play around with another iteration where it was more selective about adding and removing only on specific interfaces but I found it wasn’t as reliable.