topic Re: X FORWARD FOR with USER ID in General Topics

X FORWARD FOR with USER ID

Gregoux — Wed, 29 Jan 2014 08:55:49 GMT

Hello

is it possible to use ip retrieved from the x forwarded header and combined with the user-id.

my aim is to filter access per active directorie usergroup, but I have a proxy implemented between the palo and the user device.

thank

Re: X FORWARD FOR with USER ID

kdd — Wed, 29 Jan 2014 10:55:10 GMT

Hi Gregoux,

the links explain how to enable it and how it will work

https://live.paloaltonetworks.com/docs/DOC-1128

instead of CLI via browser Device > Setup > Content-ID

The "strip x-forwarded for" option replaces the ip-address with zeros. so that the destination is not able to see the clients ip-address

Regards Klaus

Re: X FORWARD FOR with USER ID

mr.linus — Wed, 29 Jan 2014 11:13:53 GMT

Hi,

Do I understand correctly that you want to retrieve the client IP via "x-forwarded for" and then let the PA use its User-ID to map this IP to a user?

I don't think this will be possible, based on the DOC provided by kdd, since the client IP will be "written" in the "source user" column.

Looks like a nice feature request to me though. Kind of like the Terminal Services User-ID agent can identify users based on source port, maybe a Proxy User-ID agent that can find users based on "x-forwarded for"...

Re: X FORWARD FOR with USER ID

Mt_103 — Thu, 30 Jan 2014 01:37:25 GMT

Hi,

I also need to retrieve the "source user" who under the PROXY.

Now, I find the user name by check "user_ip_map" and "x-forwarded for".

But this is very very heavy work..

If PAN create new columns "x-forwarded for" and "x-forwarded for user" like "source" and "source user " in traffic log & URL Filtering log,

it is very helpful and much enough for my need.