OS X Configuration Profiles and Proxy Server settings

andyparkernz
New Contributor III

Hi,

We've been testing pushing out Wi-Fi settings via Configuration Profile. Our internal network requires users to use a proxy, whereas offsite they don't need to use one on their notebooks.

When we've set the Proxy Setup value to Automatic and entered the URL for the PAC file, all works well onsite. However, this setting remains on the WiFi interface when the user heads home, so prevents them accessing the internet.

If we set the Proxy Setup value to None, this removes any proxy settings entered by other methods (we have Auto Proxy Discovery selected as this works both onsite and offsite).

We could script the Wifi SSIDs (we use WPA2, for various reasons 802.1x isn't an option for our users), but would prefer to use Config Profiles as this seems to be the direction Apple are heading.

Has anyone else hit this problem?

Andy

5 REPLIES 5

bentoms
Release Candidate Programs Tester

Is your PAC file URL an IP?

andyparkernz
New Contributor III

The path to the PAC file is a full URL and is accessible from outside of our network. (eg http://domain.com/ourpacfile.dat)

bentoms
Release Candidate Programs Tester

That was my second question.

As the URL is a public one, this will be why the clients are having issues... (You could see the same issue in some situations with an IP).

Can you use a private DNS/URL?

tkimpton
Valued Contributor II

Usually in a PAC file you have argument in there to say if it cannot find your proxy server, then go direct.

I would for a test put a PAC file locally on your machine. Point system proxy setting to it, go off the corporate network and see if it goes direct.

If so your problem relies on it be publically available. Then you either troubleshoot that or push out a local PAC file.

andyparkernz
New Contributor III

So am I right in thinking that a OS X configuration profile with a WiFi payload alters the proxy settings for the interface, even though we're only wanting to push out an SSID.

Seems a bit backwards since through the GUI and scripting the proxy settings can be set independent of the SSID.

Point taken about checking in the PAC file for the access to the proxy server. The catch is that our proxy server will be accessed from outside the corporate network as we have a subset of clients we want to force through it.