The VMware Cloud Web Security (CWS) Web Proxy feature is designed to activate the standalone use of the Cloud Web Security service without the need for VMware SD-WAN or VMware Secure Access (SA). Any device with a modern browser that can support a network proxy configuration, either manually or automatically through a proxy auto-configured (PAC) file can have its Web traffic redirected to the VMware Cloud Web Security service for security inspection.

The Web Proxy Service is hosted by a VMware SASE Point of Presence (PoP) and activated using the VMware Cloud Orchestrator. When users activate the Web Proxy functionality in CWS:

• A unique proxy URL is generated for the tenant
• A CWS policy is associated with the Web proxy service
• A default PAC file is generated by the system
• Custom PAC files can be created
• Orchestrator instructs the PoP to listen for proxied connections
• Proxy connections are service chained to CWS for inspection