This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

Migrating existing Explict proxy to Palo alto Transparent Proxy

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Migrating existing Explict proxy to Palo alto Transparent Proxy

praveen.dharmaraj
L0 Member

‎09-08-2025 11:08 PM

HI ,

 

We want to migrate existing legacy Explicit proxy to palo alto in transparent proxy mode , we have palo alto with panorama , all the branches using legacy explicit proxy , Legacy Explicit proxy device in HQ and all the branch traffic is redirecting to explicit proxy. 

we want to remove explicit proxy .

 

Is it possible using Global Protect we can redirect all the web traffic from branches to HQ palo alto in transparent proxy mode ?

0 Likes Likes
2 REPLIES 2

JustinWoodman
L2 Linker

‎09-09-2025 06:45 AM

Not exactly enough information for me to understand what you are asking for. But transparent proxy means all your internal routes to the internet, run through the palo device, regardless. Basically the default method most edge firewalls operate in. Explicit proxy basically means without the explicit proxy setup, traffic is going some different way to the internet, potentially. Can you do this transparent proxy with gp, yes, but not all devices support gp, like multi-function printers, guest wifi networks.  You would want gp in a always connected method. Internet is used broad here, it could mean just the real internet, but could also include internal sites as well, that need more security.  

 

You could also do this with mpls, sdwan or ipsec tunnels, and have all the internal networks setup with default routes that end them up at the palo alto.  The far end devices don't even have to be palo devices to do this, they just have traffic end up at the hq palo device. 

0 Likes Likes

praveen.dharmaraj
L0 Member
In response to JustinWoodman

‎09-11-2025 04:03 AM

Hi ,

 

Thank you , solution which we are looking only for the laptop /desktop . branches instead of using explicit proxy we want to use transparent proxy using global protect . now all the sites are interconnected using fortigate sdwan solution . only interested traffic is reaching to HQ . palo alto firewall is poisoned as perimeter firewall in HQ .

 

is there is any way we can use Global Protect to redirect traffic (Http+Https) from the branches to HQ in-order to remove explicit proxy architecture .

0 Likes Likes
  • 381 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks