PA5020 and Proxy Server

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PA5020 and Proxy Server

Not applicable

I have a PA5020 and am using a proxy server to filter internet traffic.  In the traffic monitor all the traffic I see going to the web is from the proxy server.  I turned this feature on on the firewall.  Enabling support for the X-Forwarded-For HTTP header.  After enabling this feature I didn't see any difference in the monitor section of the firewall.


Is there anyway I can identify the user or IP address instead of just identifying the proxy server.

Thanks

1 accepted solution

Accepted Solutions

Hello aguley,

Since you don't have URL filtering license, I presume you don't have URL filtering profile applied to any of your security policies. If you don't have URL filtering profiles applied to security policies, then you won't see URL filtering logs.

Thanks and regards,

Kunal Adak

View solution in original post

7 REPLIES 7

L5 Sessionator

Hello aguley,

I went through Enabling support for the  X-Forwarded-For HTTP header. document and didn't see the commit operation mentioned.

If you have enabled it from the configuration mode, lets make sure you commit the configuration: 

> configure

# set deviceconfig setting ctd x-forwarded-for yes

#commit force



Regards,

Kunal Adak

That's the command that I ran and I commited the changes as well.  Still just seeing traffic from proxy.  Or possibly I am looking in the wrong place.  Should I just see it in the monitor section of the firewall or do I need to dig deeper into some logs?

Thanks

Hello aguley,

I hope you are looking into URL logs for X-forwarded information - not the traffic logs.

Reference:

x-forward source user information is not showing in traffic logs

Hope that helps!

Thanks and regards,

Kunal Adak

I am looking at the traffic logs.  I am getting an error trying to click on your link saying access is restircted.  How do I view the URL logs for X-forwarded information?

I am very new to PA so thank you for the very quick responses. 

Hello aguley,

Under Monitor tab, click on URL filtering logs. Under URL filtering logs, you need to have the 'source user' column. If it doesn't have by default, then you can add the column.

Or you can enable it :

Thanks and regards,

Kunal Adak

We are not using the PA url filtering.  We are filtering with our proxy.  Should I still see the traffic in the URL Filtering of the PA.  I am not seeing anything currently in it. 

Hello aguley,

Since you don't have URL filtering license, I presume you don't have URL filtering profile applied to any of your security policies. If you don't have URL filtering profiles applied to security policies, then you won't see URL filtering logs.

Thanks and regards,

Kunal Adak

  • 1 accepted solution
  • 5365 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!