Use x-forwarded-for to apply policy?


L1 Bithead

Dear all,

I have a very important question and need your fast reply please.

Can I use x-forwarded-for to show the IP addresses of the incoming users behind a proxy and THEN apply policies based on these users?

This scenario intends to apply policies per user while reaching the firewall with the IP of a proxy. Can I?

3 REPLIES

L5 Sessionator

Good Morning

You can use x-forwarded-for to fetch the IP addresses of the users behind the proxy, and match them to specific policies.

The 2 links below (a KB and a thread) explain it in more detail:

https://live.paloaltonetworks.com/message/21710#21710

https://live.paloaltonetworks.com/docs/DOC-1128

Hope that helps!!

BR,

Karthik RP

Good Morning,

Thanks, Karthik, for your answer.

I have read the links you sent but I'm still not quite sure of something:

According to this line: "It is expected that all of the existing reports that use Source User will continue to function and will display the x-fwd-for value if it is present. In addition, it should be possible to filter on this value in both the logs and custom reports", this shows that I can use X-Forwarded-For to get the IP addresses of users behind a proxy in logs. But I still need to know whether I can then apply policies based on these users, or whether the policy is evaluated before x-forwarded-for is parsed?

Waiting for your reply and Thanks a lot for your co-operation.

L4 Transporter

I believe that in order to create policy based on incoming IP address, you would have to set the X-forward at the proxy instead of the PAN. See:

https://live.paloaltonetworks.com/message/4268#4268

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.