Can PA firewall work as Explicit proxy


L2 Linker

Dear All,

Can Palo Alto firewall work as explicit proxy for internal users? Appreciate sharing official article.

Accepted Solutions

Cyber Elite

Hello,

Depends on your definition of proxy. However, yes, the PAN can act as a proxy if you enable user-id and set your policies to inspect and log the traffic.

Hope that helps.

Cyber Elite

@mohammedsalhis,

In the traditional sense of an explicit proxy being configured directly on a client, then no. The firewall can't be configured as an explicit proxy in that regard. It can act like a transparent proxy as @OtakarKlier mentioned.

In the end I like to tell people that the exact same functionality can be achieved, but it's kind of wrong to call the firewall a "proxy" in the old-school sense of the word.

L7 Applicator

It's a no. The SSL proxy is a proxied connection, but only for the SSL handshake and key negotiation to enable packet decryption. The actual traffic flow from A to B is simply decrypted and then re-encrypted. It is not rewritten as it would be by a true proxy.

L2 Linker

Thank you all 
