Logging the downstream client IP in the access log of the upstream ProxySG in a proxy chain
You want to log the downstream client IP in the access log of the upstream proxy in a proxy chain
In proxy chaining environments, the upstream (or parent) proxy logs all traffic as originating from the downstream (or child) proxy. To have the upstream proxy log the originating client's IP in its access logs, modify both the downstream and upstream proxies. The modification is to configure the downstream proxy to add an HTTP header showing the originating client's IP, and to configure policy on the upstream proxy to modify access logging based on this added header.
To set this up, perform the following:
On the downstream ProxySG (the proxy that the clients communicate to first):
On the upstream ProxySG: