This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
PA5020 and Proxy Server
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- PA5020 and Proxy Server
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-23-2014 05:18 AM
I have a PA5020 and am using a proxy server to filter internet traffic. In the traffic monitor all the traffic I see going to the web is from the proxy server. I turned this feature on on the firewall. Enabling support for the X-Forwarded-For HTTP header. After enabling this feature I didn't see any difference in the monitor section of the firewall.
Is there anyway I can identify the user or IP address instead of just identifying the proxy server.
Thanks
1 ACCEPTED SOLUTION
Accepted Solutions
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-23-2014 08:44 AM
Hello aguley,
Since you don't have URL filtering license, I presume you don't have URL filtering profile applied to any of your security policies. If you don't have URL filtering profiles applied to security policies, then you won't see URL filtering logs.
Thanks and regards,
Kunal Adak
7 REPLIES 7
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-23-2014 06:54 AM
Hello aguley,
I went through Enabling support for the X-Forwarded-For HTTP header. document and didn't see the commit operation mentioned.
If you have enabled it from the configuration mode, lets make sure you commit the configuration:
> configure
# set deviceconfig setting ctd x-forwarded-for yes
#commit force
Regards,
Kunal Adak
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-23-2014 07:22 AM
That's the command that I ran and I commited the changes as well. Still just seeing traffic from proxy. Or possibly I am looking in the wrong place. Should I just see it in the monitor section of the firewall or do I need to dig deeper into some logs?
Thanks
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-23-2014 07:28 AM
Hello aguley,
I hope you are looking into URL logs for X-forwarded information - not the traffic logs.
Reference:
x-forward source user information is not showing in traffic logs
Hope that helps!
Thanks and regards,
Kunal Adak
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-23-2014 07:31 AM
I am looking at the traffic logs. I am getting an error trying to click on your link saying access is restircted. How do I view the URL logs for X-forwarded information?
I am very new to PA so thank you for the very quick responses.
Related Content
- How to solve Timeout error in market place in Cortex XSOAR Discussions
- Global protect VPN disconnecting multiple times in GlobalProtect Discussions
- How to get/send DNS logs to on-prem SIEM -- DNS Proxy + DNS Security in General Topics
- Problems with URL-DB (it's missing!) in Next-Generation Firewall Discussions
- XFF: For security Policy in General Topics
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks