To allow the Web Security service to monitor web traffic, all web traffic needs to be routed through the Web Security service. The Web Security service acts as a proxy server that either allows a specific request or response to pass through or blocks the traffic.
One of the options to route the traffic to the Web Security service, is to use a Proxy Auto-Configuration (PAC) file.
The PAC file is hosted in the Web Security service. The PAC file address is available in the Web Security Administration Console, in the Settings page, in the Web Security tab.
The Web Security Agent enforces web browsers to use this PAC file. The Web Security Agent is a lightweight service that runs in the background and checks whether the browser is configured to use the PAC file. If a user manually changes the security settings of the browser and disables the PAC file, then the Agent immediately reconfigures the browser to use the PAC file.
In addition, for customers who selected the option to perform SSL Inspection for HTTP traffic the Web Security Agent includes the SSL certificate used by the Web Security service. Upon installation this certificate is installed in the system certificate store (keychain) of the user to support SSL termination.