[Gateway] CONNECT proxy/PAC file identity

public/__redirects

@@ -2301,6 +2301,7 @@
 /cloudflare-one/team-and-resources/devices/warp/user-side-certificates/ /cloudflare-one/team-and-resources/devices/user-side-certificates/ 301
 /cloudflare-one/traffic-policies/lists/ /cloudflare-one/reusable-components/lists/ 301
 /cloudflare-one/traffic-policies/ids/ /cloudflare-one/traffic-policies/enable-ids/ 301
+/cloudflare-one/team-and-resources/devices/agentless/pac-files/ /cloudflare-one/team-and-resources/devices/agentless/pac-files/configure-pac-files/ 301
 
 # Email Security new revamp (statics)
 /cloudflare-one/email-security/auto-moves/ /cloudflare-one/email-security/settings/auto-moves/ 301

src/content/docs/cloudflare-one/team-and-resources/devices/agentless/pac-files/best-practices.mdx

@@ -0,0 +1,6 @@
+---
+pcx_content_type: how-to
+title: Best practices for writing PAC files
+sidebar:
+  order: 3
+---

src/content/docs/cloudflare-one/team-and-resources/devices/agentless/pac-files.mdx → src/content/docs/cloudflare-one/team-and-resources/devices/agentless/pac-files/configure-pac-files.mdx

@@ -1,8 +1,8 @@
 ---
 pcx_content_type: how-to
-title: PAC files
+title: Configure PAC files
 sidebar:
-  order: 1
+  order: 2
 ---
 
 import {
@@ -13,14 +13,14 @@ import {
 	APIRequest,
 } from "~/components";
 
+<GlossaryDefinition term="PAC file" prepend="A PAC file is " />
+
 :::note
-Only available on Enterprise plans.
+PAC files are only available on Enterprise plans.
 :::
 
 You can apply Gateway HTTP and DNS policies at the browser level by configuring a Proxy Auto-Configuration (PAC) file to connect to a proxy endpoint.
 
-<GlossaryDefinition term="PAC file" prepend="A PAC file is " />
-
 When end users visit a website, their browser will send the request to a Cloudflare proxy server associated with your account to be filtered by Gateway. Note that Gateway [cannot filter every type of HTTP traffic](#limitations) proxied using PAC files.
 
 ## Prerequisites
@@ -61,6 +61,19 @@ Your Cloudflare proxy server domain is of the form:
 https://<SUBDOMAIN>.proxy.cloudflare-gateway.com
 ```
 
+Once you create an endpoint, the dashboard will display an option to add additional endpoints:
+
+1. Go to **Networks** > **Resolves & Proxies** > **Proxy endpoints**.
+2. Select **Add an endpoint**.
+3. Select the type of proxy endpoint you want to create. Choose between **Authorization** for an authorization endpoint, or **Source IP address**.
+
+If you select **Authorization**:
+
+1. Enter your basic information.
+2. Add an existing policy, or [create a new policy](/cloudflare-one/access-controls/policies/).
+3. Add your login method.
+4. Once you filled all the information, select **Save**.
+
 </TabItem>
 
 <TabItem label="API">
@@ -114,6 +127,19 @@ https://<SUBDOMAIN>.proxy.cloudflare-gateway.com
 
 </Tabs>
 
+### Edit an existing proxy endpoint
+
+To edit an existing proxy endpoint:
+
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Networks** > **Resolvers & Proxies** > **Proxy endpoints**.
+2. Select **Proxy endpoints**, then select the three dots.
+3. Select **Configure**, and choose the information you want to edit:
+    - **Basic info**: Enter your basic info, then select **Save**.
+    - **Access policies**: Here, you can:
+        - Select existing policies or create a new policy.
+        - Select the three dots that allow you to 
+    - **Login methods**:
+
 ## 2. Test your proxy server
 
 1. In [Cloudflare One](https://one.dash.cloudflare.com/), create an [HTTP policy](/cloudflare-one/traffic-policies/http-policies/) for testing purposes. For example:
@@ -164,6 +190,29 @@ function FindProxyForURL(url, host) {
 - Use a proper text editor such as VS Code to avoid added characters.
   :::
 
+### Add additional PAC files
+
+To add additional PAC files:
+
+1. Go to **Networks** > **Resolves & Proxies** > **Proxy endpoints**.
+2. Select **Add PAC files**.
+3. Here, you can add **PAC file details** and **Setup instructions**. 
+    In **PAC files details:**
+        - Enter the **Basic Information**.
+        - Enter the **PAC file configuration** > Select **Browse PAC file configuration templates** and choose a pre-configured template to customize. The only available outputs are Okta and Azure. Once you select the template, the **PAC file JavaScript** is going to be populated with a template.
+    In **Setup instructions:**
+        - Choose a browser and follow the instructions.
+4. Select **Create**.
+
+### Edit your PAC files
+
+To edit your PAC files:
+
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Networks** > **Resolvers & Proxies** > **Proxy endpoints** > **PAC files**.
+2. Locate the PAC file you want to edit, select the three dots, then select **Configure**.
+3. Edit **PAC files details** and/or **Setup instructions**.
+4. Select **Save**.
+
 ## 4. Configure your devices
 
 All major browsers support PAC files. You can configure individual browsers, or you can configure system settings that apply to all browsers on the device. Multiple devices can call the same PAC file as long as their source IP addresses were included in the proxy endpoint configuration.
@@ -306,16 +355,4 @@ Using your proxy endpoint's domain, you can get the IP addresses assigned to the
 
 </Tabs>
 
-To ensure responses are allowed through your firewall, add an inbound rule to allow the static IPv4 address for Cloudflare proxy endpoints, `162.159.193.21`.
-
-## Limitations
-
-### Traffic limitations
-
-The agentless HTTP proxy does not support [identity-based policies](/cloudflare-one/traffic-policies/identity-selectors/) or mTLS authentication.
-
-To enforce HTTP policies for UDP traffic, you must turn on the [Gateway proxy for UDP](/cloudflare-one/traffic-policies/http-policies/http3/#enable-http3-inspection).
-
-### Gateway DNS and resolver policies
-
-Gateway DNS and resolver policies will always apply to traffic proxied via PAC files, regardless of device configuration.
+To ensure responses are allowed through your firewall, add an inbound rule to allow the static IPv4 address for Cloudflare proxy endpoints, `162.159.193.21`.

src/content/docs/cloudflare-one/team-and-resources/devices/agentless/pac-files/index.mdx

@@ -0,0 +1,9 @@
+---
+pcx_content_type: how-to
+title: PAC files
+sidebar:
+  order: 1
+  group:
+    hideIndex: true
+---
+

src/content/docs/cloudflare-one/team-and-resources/devices/agentless/pac-files/limitations.mdx

@@ -0,0 +1,16 @@
+---
+pcx_content_type: how-to
+title: Limitations
+sidebar:
+  order: 4
+---
+
+## Traffic limitations
+
+The agentless HTTP proxy does not support [identity-based policies](/cloudflare-one/traffic-policies/identity-selectors/) or mTLS authentication.
+
+To enforce HTTP policies for UDP traffic, you must turn on the [Gateway proxy for UDP](/cloudflare-one/traffic-policies/http-policies/http3/#enable-http3-inspection).
+
+## Gateway DNS and resolver policies
+
+Gateway DNS and resolver policies will always apply to traffic proxied via PAC files, regardless of device configuration.