During AirWatch Tunnel installation, we specify to utilize a PAC file so that all Internet traffic through the AirWatch Browser will go through the Blue Coat Secure Web Gateway except those explicitly noted within the PAC file similar to the one below.
function FindProxyForURL(url, host)
if (dnsDomainIs(host, “.mydomain.com”) ||
if (isInNet(host, “10.30.0.0”, “255.254.0.0”) ||
isInNet(host, “127.0.0.0”, “255.0.0.0”) ||
return “PROXY proxy.mydomain.net:80”;
If there is ever an update to the PAC file, we have two options to update it on the AirWatch Tunnel Proxy Endpoint server(s):
- Re-run installer and point to the updated PAC file, or,
- Update the existing PAC file and restart the AirWatch Tunnel Proxy Windows service.
This blog post outlines the steps required via option 2. The steps are:
- Log onto the server via RDP.
- Launch Notepad as administrator (or you will get access denied after making the change).
- Browse to C:\AirWatch\TunnelProxy\conf and open proxy.pac file.
- Make a copy of the file and rename it by appending .old at the end.
- Update and save the current file accordingly.
- Restart the AirWatch Tunnel Proxy Windows service.
- Repeat the steps above on remaining AirWatch Tunnel Proxy Endpoint servers wherever applicable.
To confirm successful implementation of this change, you may do the below:
- From a device, confirm access to Intranet and Internet via AirWatch Browser.
- Log onto AirWatch web console. Then go to Groups & Settings -> All Settings -> System -> Enterprise Integration -> AirWatch Tunnel
- Click Test Connection at the bottom of the page to ensure no error is found.
Hope you find this post helpful!