02-15-2021 10:18 PM
Hi
Am trying to integrate Palo Alto NGFW with proxy web security appliance (Forcepoint WSA). Can palo alto PBF used to send web traffic traffic requests.
All we are trying is to implement proxy transparently.
Is there any equivalent of WCCP in Palo Alto.
02-16-2021 12:05 AM
PBF will force packets out of a different interface than what the routing table points towards, but you cn't change the port or make a session into a proxy connection. If the Proxy is fully transparant you could connect it directly to the firewall with an ISP upink behind it and set PBF to split off all port 80 and 443 to the second ISP, pssing through the proxy while getting there.
the palo isn't a proxy o doesn't have proxy features (you can set up wccp on your switches and direct trafic as you see fit, you can set the firewall in layer2 mode with l3 vlan interfaces for routing purpoeses, this would allow you to direct traffic where you need it)
02-16-2021 06:15 AM
Thank you @reaper
Proxy is not transparent. I liked your idea on WCCP in the switch. Let me R&D on it's feasibility.
Core-switch is Cisco. WCCP can forward traffic to WSA. From the WSA I hope traffic can be forwarded to gateway firewall or back to core switch.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
