02-25-2020 08:02 AM
Hello,
Looking for some help if possible?
Trying to set up XFF (PA-3250, 8.1.12), I have tried to set it up following this tutorial:
The only part I have not configured is pushing the URL logs to the syslog server.
The problem is, when "Strip X-Forwarded-For Header" is enabled the URL Filtering monitor displays the XFF value as 1.1.1.1. I temporarily disabled this feature and the internal client was displayed as expected, however, we would want to strip it and not make this information public. As soon as I enabled the strip feature again the value changed back to 1.1.1.1. I would have expected the XFF value to be displayed as the internal address and then as it leaves the firewall this information will be stripped from the HTTP header?
The clients go through a proxy server (Smoothwall), then to the FW and out. We do not have access to the proxy but have been assured this has been set up correctly.
Is there something I am missing in the set up?
Any help would be greatly appreciated!
Thanks.
