My instinct when I read my own title is to tell me to block the app-id type http-proxy as I can't see inside it and it shouldn't be on my network.
However, I have a requirement, mostly due to legacy infrastructure, where all the traffic passing through my PA firewall will effectively terminate on a proxy server (probably bluecoat) further down the line.
Is it possible in anyway on the PA to inspect further into the http-proxy app to see what is really going on? from a reporting perspective my visibility into the traffic is about the same as it was prior to installing the box (nil)
keen for someone to surprise me on this one :smileyhappy:
What type of proxying are you doing? You should still have visibility into the traffic. The only time you wouldn't is if you are encrypting the traffic and the PA is not doing decryption.
Try Object - Security Profile and select Url Filtering Profile you are using for www-traffic. Then select under desired profile: Settings - and enable: User-Agent, Referer and X-Forwarded for. You'll need to have PAN-OS version 6.x. This will enable more log entries in the log file, just like Blue Coat logging does (and makes proxy logging irrelevant, since now the same information is shown in the PA ;).
I hope I understood your question right.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!