- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-05-2023 07:11 AM
Hi ,
We are currently trying to solve an issue with User ID mapping on Exchange cluster.
This cluster is sitting behind F5 WAF, and it is doing SNAT, therefore all request are coming from same IP. (IP of the WAF)
This causes the User-IP binding to nonstop update and not reflect the reality.
On F5 we have turned on the "X-Forwarded-For" header.
We have reconfigured IIS logs to show the "X-Forwarded-For" IP of the request and we can see it in the log, therefore header insertion is working.
However, as far as I know, User ID agent is using Security log.
Is there any way how to make this work, or do we need to use Syslog and Regexp to match it from IIS logs ?
Thank you in advance.
09-05-2023 02:37 PM
Hi
Looking at the admin guide, this may be east to do, under device > setup > content-ID there is an option for x-forwarded-for headers, in this there is a drop down for enable for user-id or for security policy and then another option to strip this as the traffic passes, this would be the first place to look I think it is fully covered in the user-id section of the admin guide, this is on version 10.1 and above, you do not mention what version you are on but as user-id is fairly static in the methods to get user-id data in I presume that some older versions also support.
Hope this helps.
09-06-2023 12:13 AM
Hi,
I have seen this part of admin guide, and we have it "ON"for different reason. However the traffic flow is like this:
PA--------->F5>---------Exch Cluster
Header is added at the F5 and it does not traverse PA after header is added.
Currently running 11.0.2
09-06-2023 08:02 AM
Oh I see, I had your traffic flow all wrong, yes I would imagine that as the only device to see the x-forwarded-for header is IIS and that is where you are pulling your user-id from that you will need to user the regex to get it from IIS.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!