- Basics
- The Knox Ecosystem
- White Paper
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Introduction
- Accept or reject devices
- Upload devices
- Delete devices
- Complete payment
- Send payment overdue notification
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
What is PAC?
PAC (Proxy Auto Config) is a text file that instructs a browser or an app to forward traffic to a certain proxy server, instead of directly to the destination website. It contains JavaScript that specifies the proxy server, and optionally, additional parameters that specify when and under what circumstances a browser forwards traffic to the proxy server.
For example: In a corporate network, an IT manager may enforce employees to type in the URL of the PAC file in the settings menu of their browsers. The browser would then connect to a proxy server first based on the routing logic stated in the PAC file.
*In Internet Explorer, this option can be found under Internet Options > Connection > LAN Settings > Auto Configuration Script
Why are proxies needed?
Forwarding traffic to a proxy server instead of directly connecting to the destination server protects end devices from potential security threats by hiding their IP address, location, and other personal information. The destination server sees the traffic coming from the proxy server, instead of from the end devices.
Additionally, if an IT department mandates employees to connect to the Internet through proxy servers only, corporate-level and employee-level traffic history can be monitored and tracked from the proxy server. This can reduce network costs by reducing the amount of Internet traffic going in and out of the company. Frequently visited websites and content are stored in the proxy server for immediate delivery to the end devices.
What's the benefit of PAC?
Large companies, especially in security sensitive industries (i.e. government, financial services, etc.) usually operate multiple proxy servers to balance and categorize traffic load. PAC can enable these large organizations to easily configure the forwarding rules on a single text file for all proxy servers.
The IT department can enforce the same Internet traffic rules for both mobile devices and PC's to better manage their security by white-listing which firewall ports are open or closed.
How does Knox support Proxy and PAC?
There are two options to enable proxy or PAC function on Samsung devices:
- Option 1: A user can type the proxy server address or the PAC URL on the settings menu of the device itself.
- Option 2: An IT manager can seamlessly push the proxy or PAC profile to the device remotely.
To remotely push PAC profiles (Option 2), Knox provides a set of APIs for EMMs to configure proxy and PAC settings remotely through Knox SDK. Each EMM provider needs to develop the feature on their EMM server and client.
Support for proxy and PAC:
Support for PAC varies by connection type and Knox version:
Global Type:
- Configuring proxy/PAC to all HTTP traffic from device (3G/4G, WiFi, VPN)
- Not able to configure proxy/PAC to traffic from the container or from individual apps
WiFi Type:
- Configuring proxy/PAC to all traffic via WiFi
- Not able to configure from the container or app-level
VPN Type:
- Configuring proxy/PAC to all traffic via VPN
- VPN tunneling from the device and VPN gateway right before reaching the proxy server
- Capable of configuring proxy/PAC to traffic from the container only or from particular apps only
Knox also supports basic and advanced authentication methods for access to proxy servers:
- Basic Authentication is for a simple ID and password authentication method without any encryption
- NTLMv1 and v2 are advanced authentication methods which encrypt ID and password information
Knox feature availability for each proxy and PAC type
|
Global |
Wi-Fi |
VPN |
|
|
Manual Proxy Setup |
v2.5.1 |
v2.5.1 |
v2.5.1 |
|
Automatic Proxy Setup via PAC |
v2.7 |
v2.5.1 |
v2.5.1 |
|
Basic Authentication |
v2.7 |
v2.7 |
v2.5.1 |
|
NTLMv1 Authentication |
v2.7 |
v2.7 |
v2.5.1 |
|
NTLMv2 Authentication |
N/A |
N/A |
v2.7 |
*Manual proxy settings for Browser are supported from v1.0. But Chrome browser is not supported from v2.6
Knox PAC is available in our mobile security solution: Knox Platform for Enterprise
