This KB is applicable to users on versions 10.0 and above.

Issue 

This KB will detail how to properly configure remote filtering. As of version 10 the Cipafilter offers a free self renewing certificate in the form of Let's Encrypt. If your organization utilizes a custom portal certificate such as Lets Encrypt you can deploy proxy settings via PAC file. You will want Let's Encrypt or some other Custom Portal Certificate configured before deploying the PAC file.

Note: Please see this link for further information regarding configuring Let's Encrypt.

Solution

Step 1. Navigate to Web Filtering and click Insert Remote-Filtering (1-to-1) Rule. Choose which fallback group you would like then hit Save and Apply.

Step 2. The PAC file can be found under Web Filtering > Advanced Configuration. 

Step 3. Deploy the PAC file via group policy, you may also apply the PAC file to individual devices. This varies depending on the device / platform. We recommend using HTTPS with HTTP fallback in most setups.

Note: Ensure "https" is included in your PAC files URL.

Step 4. Congratulations! You've successfully deployed PAC file settings!

Note: If you have set up Google O'auth prior to configuring your custom portal certificate, please update the redirect URL's found under Web Filtering > Authentication.