Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-13-2012 03:16 AM
Hi,
I was just wondering if anyone was successful in implementing Reverse Proxy solution on the PAN. As far as i know, Palo Alto does not do Reverse Proxy, but was even told that there was work around for it. Anyone who has been successful in acheiving this, could you please share it out with us.
Many thanks in advance.
Kind Regards,
02-13-2012 01:34 PM
Hi...It depends on what you want accomplish with reverse proxy. We can perform SSL decryption and inspect the contents inside for apps, malware, etc simply by putting the PA device in front of your servers. Thanks.
02-13-2012 11:20 PM
Also the PAN can be used for both SNAT ("forward proxy") and DNAT ("reverse proxy"), however it doesnt proxy any traffic on its own (except for the SSL and SSH part when doing termination).
So you can use a PAN to protect your webservers by setting up a DNAT rule along with SSL-termination to inspect HTTPS flows - and then in the security rule define which applications should be allowed (for example if its a bunch of Sharepoint-servers you wish to protect).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
