1
00:00:02,340 --> 00:00:06,420
So proxy servers are not as prevalent as they once were.

2
00:00:06,420 --> 00:00:11,650
They were pretty ubiquitous on enterprise networks probably in the 1990s,

3
00:00:11,650 --> 00:00:13,140
early 2000s or so.

4
00:00:13,140 --> 00:00:14,890
Not as common today,

5
00:00:14,890 --> 00:00:18,210
but they are still available and still around and still in use today,

6
00:00:18,210 --> 00:00:22,610
so you may encounter a scenario in which you need to define a proxy

7
00:00:22,610 --> 00:00:25,820
server's configuration for your Always On VPN endpoints.

8
00:00:25,820 --> 00:00:28,920
There's a couple of different ways to do this.

9
00:00:28,920 --> 00:00:32,420
The first is to explicitly define the proxy server,

10
00:00:32,420 --> 00:00:35,970
meaning tell the client to use this proxy server

11
00:00:35,970 --> 00:00:38,250
for all of its internet requests.

12
00:00:38,250 --> 00:00:39,000
And again,

13
00:00:39,000 --> 00:00:42,840
that proxy server hostname is just defined directly in the configuration.

14
00:00:42,840 --> 00:00:43,990
It's rather indiscriminate.

15
00:00:43,990 --> 00:00:47,440
If it's a web request, it's going to go to the proxy and that's it.

16
00:00:47,440 --> 00:00:52,520
You can also use proxy auto‑configuration with the proxy server settings

17
00:00:52,520 --> 00:00:56,480
stored in a proxy auto‑configuration, or PAC, file.

18
00:00:56,480 --> 00:01:00,690
So this PAC file is stored on a web server on your internal network or

19
00:01:00,690 --> 00:01:04,870
somewhere that's reachable by the endpoint, and then it essentially reads

20
00:01:04,870 --> 00:01:09,070
this file, and this file, the auto‑configuration file, contains some

21
00:01:09,070 --> 00:01:12,710
intelligence to route traffic according to,

22
00:01:12,710 --> 00:01:15,060
you know, divine policies and things like that.

23
00:01:15,060 --> 00:01:18,250
So there's a little more intelligence there and a little more functionality

24
00:01:18,250 --> 00:01:22,450
and a little more granular control for using the PAC file.

25
00:01:22,450 --> 00:01:24,590
It's important to understand, however,

26
00:01:24,590 --> 00:01:27,700
that the proxy settings that we're talking about for configuration for

27
00:01:27,700 --> 00:01:32,510
Always On VPN are only supported when you're using force tunneling. If

28
00:01:32,510 --> 00:01:36,480
you are using split tunneling, the proxy configuration settings here

29
00:01:36,480 --> 00:01:42,020
do not apply. In that scenario, you would define a system proxy, and

30
00:01:42,020 --> 00:01:47,090
you would do that using Group Policy or Intune or Endpoint Manager

31
00:01:47,090 --> 00:01:49,540
policies.

32
00:01:49,540 --> 00:01:51,550
So let's move onto the next demonstration where

33
00:01:51,550 --> 00:01:54,940
I'll configure VPN proxy settings.

34
00:01:54,940 --> 00:01:58,810
So once again, we're back in the Endpoint Manager admin center. We'll

35
00:01:58,810 --> 00:02:05,890
click on our Always On VPN User Tunnel, and this time we'll scroll down

36
00:02:05,890 --> 00:02:10,830
to our Configuration settings and choose Edit. In here, we're going to

37
00:02:10,830 --> 00:02:15,710
select the Proxy section, or expand the Proxy section. And here is our

38
00:02:15,710 --> 00:02:17,840
options to use a proxy server.

39
00:02:17,840 --> 00:02:21,810
We can define an automatic configuration script, and this

40
00:02:21,810 --> 00:02:27,000
is typically done using a URL and a full URL to the

41
00:02:27,000 --> 00:02:29,940
specific path of the PAC file itself.

42
00:02:29,940 --> 00:02:40,340
So for example, in my lab, it is https://proxy.lab.richardhicks.net/proxy.pac.

43
00:02:40,340 --> 00:02:44,480
And if I was using the auto‑configuration script, that's all I would do.

44
00:02:44,480 --> 00:02:49,380
So, if I wanted to use the explicit proxy configuration,

45
00:02:49,380 --> 00:02:54,040
I would simply remove this setting, and I would define my proxy server

46
00:02:54,040 --> 00:02:58,870
here. And in this case, it's just asking for the hostname. And in this

47
00:02:58,870 --> 00:03:03,870
case, I would also supply my port number, and I also have the option to

48
00:03:03,870 --> 00:03:08,990
bypass the proxy for local addresses. Now, it would appear in this

49
00:03:08,990 --> 00:03:14,040
management console that both an auto‑configuration and an explicit proxy

50
00:03:14,040 --> 00:03:15,790
configuration would be supported.

51
00:03:15,790 --> 00:03:19,760
So if I were to put my URL here to my auto‑configuration file,

52
00:03:19,760 --> 00:03:21,740
it would accept all of these.

53
00:03:21,740 --> 00:03:29,180
My suggestion is to use one or the other. I'm not exactly sure what the

54
00:03:29,180 --> 00:03:32,560
behavior is going to be like if you specify both an explicit and an

55
00:03:32,560 --> 00:03:37,140
auto‑configuration file. That may yield some unintended consequences, so my

56
00:03:37,140 --> 00:03:40,180
advice to you is choose one or the other,

57
00:03:40,180 --> 00:03:45,290
but avoid setting both of those. To configure proxy servers in XML, add the

58
00:03:45,290 --> 00:03:48,840
code on your screen here to your XML configuration file.

59
00:03:48,840 --> 00:03:53,310
This is the code you'll use for the explicit proxy, and then this is the

60
00:03:53,310 --> 00:03:56,060
code that you will use for the auto‑configuration.

61
00:03:56,060 --> 00:03:58,840
You'll see that it is slightly different.

62
00:03:58,840 --> 00:04:02,450
If we were to take a look at this in our actual XML file,

63
00:04:02,450 --> 00:04:06,890
we'll open this with Notepad here, and you'll see that our

64
00:04:06,890 --> 00:04:10,690
proxy server is defined in this block here.

65
00:04:10,690 --> 00:04:11,340
Now,

66
00:04:11,340 --> 00:04:14,940
one thing you'll notice is that I've included both the manual

67
00:04:14,940 --> 00:04:19,550
configuration and the auto‑configuration URL. As I said before,

68
00:04:19,550 --> 00:04:21,670
I don't recommend that. I've just done this for

69
00:04:21,670 --> 00:04:24,780
demonstration purposes so that you can see what this looks

70
00:04:24,780 --> 00:04:28,440
like in the actual XML file itself.

71
00:04:28,440 --> 00:04:30,660
So please remember to choose one or the other,

72
00:04:30,660 --> 00:04:39,000
but not both because I think setting both of these at the same time may yield some unexpected results