X FORWARD FOR with USER ID

L4 Transporter

Hello

Is it possible to use the IP retrieved from the x-forwarded header, combined with the User-ID?

My aim is to filter access per Active Directory user group, but I have a proxy implemented between the Palo and the user device.

Thanks

Accepted Solutions

L4 Transporter

Hi,

Do I understand correctly that you want to retrieve the client IP via "x-forwarded for" and then let the PA use its User-ID to map this IP to a user?

I don't think this will be possible, based on the DOC provided by kdd, since the client IP will be "written" in the "source user" column.

Looks like a nice feature request to me though. Kind of like the Terminal Services User-ID agent can identify users based on source port, maybe a Proxy User-ID agent that can find users based on "x-forwarded for"...

3 REPLIES

L4 Transporter

Hi Gregoux,

The links explain how to enable it and how it will work:

https://live.paloaltonetworks.com/docs/DOC-1128

Instead of the CLI, via browser: Device > Setup > Content-ID

The "strip x-forwarded for" option replaces the IP address with zeros, so that the destination is not able to see the client's IP address.

Regards Klaus

L2 Linker

Hi,

I also need to retrieve the "source user" who is under the PROXY.

Now, I find the user name by checking "user_ip_map" and "x-forwarded for".

But this is very, very heavy work.

If PAN created new columns "x-forwarded for" and "x-forwarded for user", like "source" and "source user" in the traffic log & URL Filtering log,

it would be very helpful and quite enough for my needs.

Mt.10
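
The manual correlation described in the last reply (looking up the "x-forwarded for" address in a user-to-IP table) can be scripted offline. The sketch below is an added example, not part of any post in this thread and not Palo Alto Networks code; the CSV column names, the proxy address, the user names and the sample rows are all constructed assumptions. It only honours the header when the connection comes from a known proxy, and treats a zeroed header as unresolvable.

```python
import csv, io, ipaddress

# All data below is constructed for illustration; the column names are
# assumptions, not a PAN-OS export format.
TRUSTED_PROXIES = {"10.0.0.5"}          # hypothetical proxy in front of the firewall
USER_IP_MAP = {"192.168.1.20": "corp\\alice", "192.168.1.21": "corp\\bob"}
SAMPLE_LOG = """src,xff,url
10.0.0.5,192.168.1.20,example.com/a
10.0.0.5,"203.0.113.9, 192.168.1.21",example.com/b
10.0.0.5,0.0.0.0,example.com/c
192.168.1.50,192.168.1.20,example.com/d
10.0.0.5,192.168.1.99,example.com/e
"""

def client_ip(src, xff, trusted=TRUSTED_PROXIES):
    """Return the client IP to use for the user lookup, or None."""
    if src not in trusted:
        return src  # direct connection: the header is client-supplied, ignore it
    # Walk right to left: the rightmost entries were appended by our proxies,
    # anything further left could have been set by the client itself.
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed header
        if ip.is_unspecified:
            return None  # header was replaced with zeros
        if str(ip) not in trusted:
            return str(ip)
    return None

def resolve(log_text=SAMPLE_LOG, user_ip_map=USER_IP_MAP):
    """Join each log row with the user mapped to its resolved client IP."""
    rows = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ip = client_ip(row["src"], row["xff"])
        rows.append((row["url"], ip, user_ip_map.get(ip, "unknown")))
    return rows

if __name__ == "__main__":
    for url, ip, user in resolve():
        print(f"{url:16} {ip or '-':15} {user}")
```
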