Forwarding real client IP addresses to the ThreatPulse service when using proxy forwarding

search cancel

Forwarding real client IP addresses to the ThreatPulse service when using proxy forwarding

book

Article ID: 165746

calendar_today

Updated On:

Products

CDP Integration Server

Issue/Introduction

When proxy forwarding is used in conjunction with the ThreatPulse cloud service, only the public IP address of the proxy is appearing in reports.

This prevents you from configuring policy rules based on source IP addresses and also from running reports on client IPs.

Resolution

Use the "X-Forwarded-For" command from the command line interface (CLI) in order to pass on the workstation's IP address, but the source IP address of the packet will contain the IP address of the ProxySG. To enable the x-forwarded-for HTTP header, login to the CLI of your ProxySG and run the following commands:

ProxySG>enable Enable Password: ProxySG#config t Enter configuration commands, one per line. End with CTRL-Z. ProxySG#(config)http add-header x-forwarded-for ok ProxySG#(config)exit ProxySG#

To disable or turn off the x-forwarded-for header, please run the following commands from the CLI:

ProxySG>enable Enable Password: ProxySG#config t Enter configuration commands, one per line. End with CTRL-Z. ProxySG#(config)http no add-header x-forwarded-for ok ProxySG#(config)exit ProxySG#

For more information regarding the X-Forwarded-For header, please see the Configuration and Management Guide

Feedback

thumb_up Yes

thumb_down No