My goal is the following:
have the palo alto insert something into the http stream that would allow me to detect which firewall it went through. I am working on a FW load balancing scenario in which multiple active firewalls can handle each request. I have a script set up on a client to initiate multiple connections to a server and simply download the web page (it's just a curl command). I just want the PA to insert SOMETHING, SOMEWHERE, that i can parse out either on the server or client. This is a lab setup, so I have full control of all devices. I don't care if it's a custom response page, inserting an HTTP GET variable into the URL, or whatever. as long as i can parse it out using a script (i can't require a 'mouse click'), i'm fine. Since i'm fairly new to Palo Alto stuff, I'm not sure if this is even possible.
Does anyone have any ideas?
Basically what you're looking for is something like the way you can inject an X-Forwarded-For header into an HTTP data stream from the PA (really you'd want "X-Forwarded-By"). I only know of ways to do this with proxies... I'm not aware of a way to do it with PA with their current feature set. PA can PARSE X-Forwarded-For, but I don't see a way where the firewall itself can inject it.
yeah, something along those lines, or any creative way to do this....
could I set up a simple block page that embeds the original page within it? i don't think that would work, but wasn't sure.
just trying to think of anything creative. would a continue page work that automatically 'continues'? I assume that would work fine if it was an actual user as the client.
I’m attempting to do the following:
Create a ‘continue’ or ‘override’ page that just redirects the user to the existing url with “?fw=X” appended to it. I think that part works, but I can’t get the block/allow match to keep me out of an infinite loop.
I set my “block list” to:
And my “allow list” to:
However, it appears that the block list is processed before the allow list because of the infinite loop.
Anyone have any ideas how to specify the block list to be "exactly this and nothing else at the end". I tried a '$' for regex 'end of line' but that didn't work.
my 'continue/override' page is nothing more than the following:
<meta http-equiv="refresh" content="0; url=<url/>?fw=X">
where 'X' is a number that indicates the firewall i'm traversing.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!