This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About WesNeary
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About WesNeary
11-12-2015
3Posts
0Likes
0Solutions
Nov 12, 2015Last Visited
User
Activity
User
Profile
Latest posts by WesNeary
| Subject | Views | Posted |
|---|---|---|
| 4350 | 11-12-2015 01:58 AM | |
| 4564 | 11-04-2015 11:41 PM | |
| 4613 | 11-04-2015 08:03 AM |
User Badges
Community Statistics
| Member Since | 11-03-2015 06:52 AM |
| Date Last Visited | 11-12-2015 08:28 AM |
| Posts | 3 |
11-12-2015
01:58 AM
Hi Rmonvon
You are correct clients have the ISA set as there browser proxy this then based on its rulesets forwards the traffic to either our onsite proxy, the upstream proxy or directly to the internet.
... View more
11-04-2015
11:41 PM
Hi Otakar,
Thanks for the reply, i think i may not have explained this fully, we are trying to replace the ISA server whihc at the moment based on policy directs the traffic to the cloud proxy by ammending the packet header and its this function i am wondering whether the PA can reproduce to allow us to remove the ISA.
... View more
11-04-2015
08:03 AM
Hello All, Was just wondering if anyone may be able to help with this our question.
Please see the attached High Level Diagram. Both Firewalls are PA 3020's with the full licence set enabled. We need to replace the ISA server which is not providing any other functions than forwarding the traffic down one of the 3 paths in the diagram, unfortunately we need to maintain this capability owing to some historic complexities with certain applications in our infrastructure not working through our proxy or via the cloud proxy or vice versa.
I know the PA can do Policy based forwarding which would suffice for the passage of traffic either via the Local Proxy or directly out via the ISP router. Everything I have read would suggest that the PBF is more of a routing level thing which requires an interface in the same subnet within the PA.
Obviously this is not possible for the cloud hosted proxy, if we were to set the egress interface and just put the next hop address as the cloud proxy would that function. My inclination is that the next hop needs to be exactly that but just looking for confirmation before I buy another solution. Thanks in Advance
... View more
Labels:
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-12-2015
08:28 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks