PA-500 problem with ISA Proxy Server



We have a question concerning using Palo Alto with Microsoft ISA Server.
We have an implementation of a Palo Alto in a network where Microsoft ISA Server is used as a proxy (8080 port). We installed the PA in the network as Virtual Wire so we don't disturb their current infrastructure. In Monitor we could only see users going to the proxy as the Destination, and the proxy as the Source when going outside. We also couldn't use filtering by users (they have Microsoft's Active Directory). Is there a way we could use PA in an environment where ISA is used as a proxy?


L1 Bithead

Not a big fan of this because it shows your real IP Address on the Internet but you can turn on X-Forward Header on the ISA Server and PA-500.

ISA does not perform this function without a plug-in from Winfrasoft or Trustlist.

You will need to CLI into the PA-500 and perform the following:

set deviceconfig setting ctd x-forwarded-for yes

Just make sure the ISA is sending the X-Forward in the correct format: X-Forwarded-For: client1, proxy1, proxy2
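
Added example, not part of the original reply: a small Python check that a request captured between the proxy and the firewall carries X-Forwarded-For in the format quoted above, and that extracts the left-most entry (client1). The sample request, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample request as it might be captured between the proxy and
# the firewall (addresses are private/documentation ranges, not real hosts).
SAMPLE_REQUEST = (
    "GET http://example.com/ HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "X-Forwarded-For: 10.1.20.15, 192.0.2.10\r\n"
    "Via: 1.1 PROXY01\r\n"
    "\r\n"
)


def xff_chain(raw_request):
    """Return the X-Forwarded-For entries as ip_address objects, left to right.

    Raises ValueError if the header is missing or an entry is not a bare IP.
    """
    head = raw_request.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-forwarded-for":
            values.append(value)                   # repeated headers join in order
    if not values:
        raise ValueError("no X-Forwarded-For header present")
    chain = []
    for entry in ",".join(values).split(","):
        entry = entry.strip()
        if not entry:
            raise ValueError("empty entry in X-Forwarded-For")
        # ip_address() rejects host:port pairs, hostnames and 'unknown'
        chain.append(ipaddress.ip_address(entry))
    return chain


def original_client(raw_request):
    """Left-most entry, i.e. 'client1' in the format quoted above."""
    return str(xff_chain(raw_request)[0])


if __name__ == "__main__":
    print(original_client(SAMPLE_REQUEST))
```

The left-most entry identifies the real client only if the proxy replaces any X-Forwarded-For value the client itself sent, since a client can put arbitrary text in that header.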
