PA NGFW with WSA proxy

cancel
Showing results for 
Search instead for 
Did you mean: 

PA NGFW with WSA proxy

L2 Linker

Hi

Am trying to integrate Palo Alto NGFW with proxy web security appliance (Forcepoint WSA). Can palo alto PBF used to send web traffic traffic requests.

All we are trying is to implement proxy transparently. 

Is there any equivalent of WCCP in Palo Alto.

2 REPLIES 2

L7 Applicator

PBF will force packets out of a different interface than what the routing table points towards, but you cn't change the port or make a session into a proxy connection. If the Proxy is fully transparant you could connect it directly to the firewall with an ISP upink behind it and set PBF to split off all port 80 and 443 to the second ISP, pssing through the proxy while getting there.

 

the palo isn't a proxy o doesn't have proxy features (you can set up wccp on your switches and direct trafic as you see fit, you can set the firewall in layer2 mode with l3 vlan interfaces for routing purpoeses, this would allow you to direct traffic where you need it)

Tom Piens
PANgurus

Thank you @reaper 

Proxy is not transparent. I liked your idea on WCCP in the switch. Let me R&D on it's feasibility.

Core-switch is Cisco. WCCP can forward traffic to WSA. From the WSA I hope traffic can be forwarded to gateway firewall or back to core switch.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!