Inspection of 'http-proxy' traffic

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Inspection of 'http-proxy' traffic

L1 Bithead

My instinct when I read my own title is to tell me to block the app-id type http-proxy as I can't see inside it and it shouldn't be on my network.

However, I have a requirement, mostly due to legacy infrastructure, where all the traffic passing through my PA firewall will effectively terminate on a proxy server (probably bluecoat) further down the line.

Is it possible in anyway on the PA to inspect further into the http-proxy app to see what is really going on? from a reporting perspective my visibility into the traffic is about the same as it was prior to installing the box (nil)

keen for someone to surprise me on this one Smiley Happy


L4 Transporter

What type of proxying are you doing?  You should still have visibility into the traffic.  The only time you wouldn't is if you are encrypting the traffic and the PA is not doing decryption.

L0 Member

Try Object - Security Profile and select Url Filtering Profile you are using for www-traffic. Then select under desired profile: Settings - and enable: User-Agent, Referer and X-Forwarded for. You'll need to have PAN-OS version 6.x. This will enable more log entries in the log file, just like Blue Coat logging does (and makes proxy logging irrelevant, since now the same information is shown in the PA ;).

I hope I understood your question right.



I think you are spot on!  loki, adding those entries will enable your PA to look past the proxy app to give you what you are looking for.

Yep, understood, this is the path all the reading about proxy logging has taken me down, good to see there is a way to see that info.

I'll let you know how it goes.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!