ISA 2006 proxy replacement

cancel
Showing results for 
Search instead for 
Did you mean: 

ISA 2006 proxy replacement

L4 Transporter

I want to use my PA as a proxy for the internet and want to remove my current  ISA 2006 proxy server. I was curious what methods others are using and if you have any detailed step by step instruction how to configure this.

30 REPLIES 30

L4 Transporter

so isn't anyone using there palo as a replacement for a proxy server and if so how did you configure it?

L4 Transporter

so isn't anyone using there palo as a replacement for a proxy server and if so how did you configure it?

L4 Transporter

Paloalto is not a proxy. To use us as a replacement for a proxy, you would create rules that allow "application = web-browsing" and "application = ssl" and apply a URL filtering profile and an antivirus profile. You can enable SSL Decryption to act as a "man in the middle" and inspect encrypted files to protect against malware.

L4 Transporter

hi InfoTech,

our company was also using TMG/ISA. We replaced them with the PA. To replace the proxy with PA you have to do following:

1) Route internet traffic to the PA (ip route static 0.0.0.0 0.0.0.0 "PA-GATEWAY-INTERFACE-IP")

2) Remove from your Web-Browser ANY proxy settings (IE: internet options -> Connections -> LAN Settings). This can be done easily with GPO.

You need only your proxy, if you want to use it as a reverse proxy. Or you can use a IIS as a ARR Application Request Routing : The Official Microsoft IIS Site


I am doing my proxy by GPO not by adding the proxy information into the web browser.  So did you create groups on your PA? I wanted to give some groups full access to anything and limited to others how did you do that?

Hi,

we created some AD Groups and added them in the firewall policy (domain/Group-Name).

You need to configure the User-ID Agent (Install the agent on any server or use the agentless User-ID on your PA). Also you have to add your AD Groups in the "Group Mapping Settings". You will find some documentation here in the forum....

Okay I already set up the agentless user-id on the pa and am able to add groups in the group mapping settings. So is the next step to create security policies? Is it possible to make a no proxy rule, limited access and no access groups can it be that granular? If so how do you do it?

it's quite difficult to explain. but read the admin guide: https://live.paloaltonetworks.com/docs/DOC-6603

And I also don't know what you want to restrict. There are so many ways to restrict and allow internet traffic. With URL Filtering, allow application, data filtering and so on...

Thanks I will take a look

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!