Inspection of 'http-proxy' traffic

Reply
L1 Bithead

Inspection of 'http-proxy' traffic

My instinct when I read my own title is to tell me to block the app-id type http-proxy as I can't see inside it and it shouldn't be on my network.

However, I have a requirement, mostly due to legacy infrastructure, where all the traffic passing through my PA firewall will effectively terminate on a proxy server (probably bluecoat) further down the line.

Is it possible in anyway on the PA to inspect further into the http-proxy app to see what is really going on? from a reporting perspective my visibility into the traffic is about the same as it was prior to installing the box (nil)

keen for someone to surprise me on this one :smileyhappy:

L4 Transporter

Re: Inspection of 'http-proxy' traffic

What type of proxying are you doing?  You should still have visibility into the traffic.  The only time you wouldn't is if you are encrypting the traffic and the PA is not doing decryption.

L0 Member

Re: Inspection of 'http-proxy' traffic

Try Object - Security Profile and select Url Filtering Profile you are using for www-traffic. Then select under desired profile: Settings - and enable: User-Agent, Referer and X-Forwarded for. You'll need to have PAN-OS version 6.x. This will enable more log entries in the log file, just like Blue Coat logging does (and makes proxy logging irrelevant, since now the same information is shown in the PA ;).

I hope I understood your question right.

Regards,

Pauli

L4 Transporter

Re: Inspection of 'http-proxy' traffic

I think you are spot on!  loki, adding those entries will enable your PA to look past the proxy app to give you what you are looking for.

Highlighted
L1 Bithead

Re: Inspection of 'http-proxy' traffic

Yep, understood, this is the path all the reading about proxy logging has taken me down, good to see there is a way to see that info.

I'll let you know how it goes.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!