PA5020 and Proxy Server

Reply
Highlighted
Not applicable

PA5020 and Proxy Server

I have a PA5020 and am using a proxy server to filter internet traffic.  In the traffic monitor all the traffic I see going to the web is from the proxy server.  I turned this feature on on the firewall.  Enabling support for the X-Forwarded-For HTTP header.  After enabling this feature I didn't see any difference in the monitor section of the firewall.


Is there anyway I can identify the user or IP address instead of just identifying the proxy server.

Thanks


Accepted Solutions
Highlighted
L5 Sessionator

Re: PA5020 and Proxy Server

Hello aguley,

Since you don't have URL filtering license, I presume you don't have URL filtering profile applied to any of your security policies. If you don't have URL filtering profiles applied to security policies, then you won't see URL filtering logs.

Thanks and regards,

Kunal Adak

View solution in original post


All Replies
Highlighted
L5 Sessionator

Re: PA5020 and Proxy Server

Hello aguley,

I went through Enabling support for the  X-Forwarded-For HTTP header. document and didn't see the commit operation mentioned.

If you have enabled it from the configuration mode, lets make sure you commit the configuration: 

> configure

# set deviceconfig setting ctd x-forwarded-for yes

#commit force



Regards,

Kunal Adak

Highlighted
Not applicable

Re: PA5020 and Proxy Server

That's the command that I ran and I commited the changes as well.  Still just seeing traffic from proxy.  Or possibly I am looking in the wrong place.  Should I just see it in the monitor section of the firewall or do I need to dig deeper into some logs?

Thanks

Highlighted
L5 Sessionator

Re: PA5020 and Proxy Server

Hello aguley,

I hope you are looking into URL logs for X-forwarded information - not the traffic logs.

Reference:

x-forward source user information is not showing in traffic logs

Hope that helps!

Thanks and regards,

Kunal Adak

Highlighted
Not applicable

Re: PA5020 and Proxy Server

I am looking at the traffic logs.  I am getting an error trying to click on your link saying access is restircted.  How do I view the URL logs for X-forwarded information?

I am very new to PA so thank you for the very quick responses. 

Highlighted
L5 Sessionator

Re: PA5020 and Proxy Server

Hello aguley,

Under Monitor tab, click on URL filtering logs. Under URL filtering logs, you need to have the 'source user' column. If it doesn't have by default, then you can add the column.

Or you can enable it :

Thanks and regards,

Kunal Adak

Highlighted
Not applicable

Re: PA5020 and Proxy Server

We are not using the PA url filtering.  We are filtering with our proxy.  Should I still see the traffic in the URL Filtering of the PA.  I am not seeing anything currently in it. 

Highlighted
L5 Sessionator

Re: PA5020 and Proxy Server

Hello aguley,

Since you don't have URL filtering license, I presume you don't have URL filtering profile applied to any of your security policies. If you don't have URL filtering profiles applied to security policies, then you won't see URL filtering logs.

Thanks and regards,

Kunal Adak

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!