It's quite a while since I'm using the Clientless VPN feature to offer access to some web applications to remote clients. When someone logs into the portal and starts using the apps, on the monitor tab I can see the real ip address that the client is coming from, but from the application point of view all the connections are seen as coming from the firewall ip address (that acts like a web proxy). Is there a way to configure the GlobalProtect portal to forward the real ip address of the client to the application, just like a reverse proxy does with the X-Forwarded-For header?
Thank you in advance!
I configured the GlobalProtect portal to allow access to an internal web application through the clientless feature of GlobalProtect VPN. After logging into the GP Portal, users see an icon that links to the internal web application. On the firewall traffic logs I can see the "real" public IP address of the user going to the internal application (192.168.1.2), but on the application server all connections are logged as coming from 192.168.1.254 (the firewall ip address on the internal network). This is because the firewall acts as a proxy for the remote client connections. I would like to know if the firewall can pass the real ip address of the remote client to the application server, in order to have more meaningful logs on the application server itself.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!