This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Inspection of 'http-proxy' traffic

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Inspection of 'http-proxy' traffic

loki
L1 Bithead

‎03-11-2015 04:20 AM

My instinct when I read my own title is to tell me to block the app-id type http-proxy as I can't see inside it and it shouldn't be on my network.

However, I have a requirement, mostly due to legacy infrastructure, where all the traffic passing through my PA firewall will effectively terminate on a proxy server (probably bluecoat) further down the line.

Is it possible in anyway on the PA to inspect further into the http-proxy app to see what is really going on? from a reporting perspective my visibility into the traffic is about the same as it was prior to installing the box (nil)

keen for someone to surprise me on this one Smiley Happy

4 REPLIES 4

Dz3015
L4 Transporter

‎03-11-2015 07:15 AM

What type of proxying are you doing?  You should still have visibility into the traffic.  The only time you wouldn't is if you are encrypting the traffic and the PA is not doing decryption.

0 Likes Likes

PauliLaine
L0 Member

‎03-11-2015 10:55 PM

Try Object - Security Profile and select Url Filtering Profile you are using for www-traffic. Then select under desired profile: Settings - and enable: User-Agent, Referer and X-Forwarded for. You'll need to have PAN-OS version 6.x. This will enable more log entries in the log file, just like Blue Coat logging does (and makes proxy logging irrelevant, since now the same information is shown in the PA ;).

I hope I understood your question right.

Regards,

Pauli

Dz3015
L4 Transporter
In response to PauliLaine

‎03-12-2015 07:59 AM

I think you are spot on!  loki, adding those entries will enable your PA to look past the proxy app to give you what you are looking for.

0 Likes Likes

loki
L1 Bithead
In response to PauliLaine

‎03-12-2015 03:27 PM

Yep, understood, this is the path all the reading about proxy logging has taken me down, good to see there is a way to see that info.

I'll let you know how it goes.

0 Likes Likes
  • 4998 Views
  • 4 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks