07-23-2014 05:18 AM
I have a PA5020 and am using a proxy server to filter internet traffic. In the traffic monitor all the traffic I see going to the web is from the proxy server. I turned this feature on on the firewall. Enabling support for the X-Forwarded-For HTTP header. After enabling this feature I didn't see any difference in the monitor section of the firewall.
Is there anyway I can identify the user or IP address instead of just identifying the proxy server.
Thanks
07-23-2014 08:44 AM
Hello aguley,
Since you don't have URL filtering license, I presume you don't have URL filtering profile applied to any of your security policies. If you don't have URL filtering profiles applied to security policies, then you won't see URL filtering logs.
Thanks and regards,
Kunal Adak
07-23-2014 06:54 AM
Hello aguley,
I went through Enabling support for the X-Forwarded-For HTTP header. document and didn't see the commit operation mentioned.
If you have enabled it from the configuration mode, lets make sure you commit the configuration:
> configure
# set deviceconfig setting ctd x-forwarded-for yes
#commit force
Regards,
Kunal Adak
07-23-2014 07:22 AM
That's the command that I ran and I commited the changes as well. Still just seeing traffic from proxy. Or possibly I am looking in the wrong place. Should I just see it in the monitor section of the firewall or do I need to dig deeper into some logs?
Thanks
07-23-2014 07:28 AM
Hello aguley,
I hope you are looking into URL logs for X-forwarded information - not the traffic logs.
Reference:
x-forward source user information is not showing in traffic logs
Hope that helps!
Thanks and regards,
Kunal Adak
07-23-2014 07:31 AM
I am looking at the traffic logs. I am getting an error trying to click on your link saying access is restircted. How do I view the URL logs for X-forwarded information?
I am very new to PA so thank you for the very quick responses.
07-23-2014 07:41 AM
Hello aguley,
Under Monitor tab, click on URL filtering logs. Under URL filtering logs, you need to have the 'source user' column. If it doesn't have by default, then you can add the column.
Or you can enable it :
Thanks and regards,
Kunal Adak
07-23-2014 08:07 AM
We are not using the PA url filtering. We are filtering with our proxy. Should I still see the traffic in the URL Filtering of the PA. I am not seeing anything currently in it.
07-23-2014 08:44 AM
Hello aguley,
Since you don't have URL filtering license, I presume you don't have URL filtering profile applied to any of your security policies. If you don't have URL filtering profiles applied to security policies, then you won't see URL filtering logs.
Thanks and regards,
Kunal Adak
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
