Web Email Protection does not support X-Forwarded-For headers

Article ID: 190220

Products

Encryption Management Server Powered by PGP Technology

Issue/Introduction

When HTTPS traffic to Encryption Management Server Web Email Protection is routed through a load balancer or proxy, Encryption Management Server will log the IP address of the load balancer or proxy, not the IP address of the originating host.

For example, if a load balancer has the IP address 10.13.12.11 and the Web Email Protection user has the IP address 10.11.12.13, this is what is seen in the Web Email Protection log:
2020/05/06 15:45:02 +01:00  INFO   pgp/wm[2002]: 10.13.12.11 [email protected] Login

Some load balancers and proxies support X-Forwarded-For (or XFF) headers. These are used to identify the originating IP address of the connecting host. The header looks like this in the HTTP packet where 10.11.12.13 is the IP address of the originating host:
X-Forwarded-For: 10.11.12.13

Environment

Symantec Encryption Management Server 3.3.2 MP13 and above.

Resolution

Encryption Management Server Web Email Protection does not support XFF headers. The Web Email Protection log will show the IP address of the host that connects to it and will ignore the value of the XFF header.

If a Web Email Protection user logs in and then logs in again from a different IP address, the first session is logged out automatically. However, this functionality will not work as designed if Encryption Management Server cannot identify a unique IP address for each Web Email Protection session.

Therefore, please consider carefully before using a load balancer that presents its own IP address to Encryption Management Server.
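Because the Web Email Protection log records only the load balancer's address, the originating host can only be recovered from the load balancer's own connection records. The following is an added example, not part of the original article or the product: it parses the log line layout shown above and matches each event to load balancer records by time. The record format `(ISO 8601 time, client IP)`, the 2-second window, the function names and the sample users are assumptions.

```python
import re
from datetime import datetime, timedelta

# Layout of the Web Email Protection log line shown in the article.
WEP_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{2}:\d{2})\s+\w+\s+"
    r"pgp/wm\[\d+\]:\s+(?P<ip>\S+)\s+(?P<user>\S+)\s+(?P<event>.+)$"
)
LB_ADDRESSES = {"10.13.12.11"}   # load balancer address from the article's example
WINDOW = timedelta(seconds=2)    # assumed tolerance for clock skew between hosts

def parse_wep(line):
    """Return (time, ip, user, event) for a WEP log line, or None if it does not match."""
    m = WEP_LINE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
    return when, m["ip"], m["user"], m["event"]

def originating_ips(wep_line, lb_records):
    """Candidate client IPs for one WEP event; several candidates means ambiguous."""
    parsed = parse_wep(wep_line)
    if parsed is None:
        return []
    when, ip, _user, _event = parsed
    if ip not in LB_ADDRESSES:
        return [ip]              # direct connection: the logged IP is the client
    return sorted({client for t, client in lb_records
                   if abs(datetime.fromisoformat(t) - when) <= WINDOW})

# Constructed sample data (not taken from a real system).
WEP_LOG = [
    "2020/05/06 15:45:02 +01:00  INFO   pgp/wm[2002]: 10.13.12.11 user@example.com Login",
    "2020/05/06 15:50:10 +01:00  INFO   pgp/wm[2002]: 10.13.12.11 other@example.com Login",
]
LB_RECORDS = [   # hypothetical load balancer export: (time, client IP)
    ("2020-05-06T14:45:01+00:00", "10.11.12.13"),
    ("2020-05-06T14:50:09+00:00", "10.11.12.14"),
    ("2020-05-06T14:50:11+00:00", "10.11.12.15"),
]

if __name__ == "__main__":
    for line in WEP_LOG:
        print(parse_wep(line)[2], originating_ips(line, LB_RECORDS))
```

The second constructed login returns two candidates: when several clients connect through the load balancer within the window, time correlation alone cannot attribute the event to one host.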