Does ProxySG / ASG / ISG support the Proxy Protocol?
Proxy protocol:
The PROXY protocol provides a convenient way to safely transport connection information, such as a client's address, across multiple layers of NAT or TCP proxies. It is designed to require few changes to existing components and to limit the performance impact caused by processing the transported information.
This applies when the proxy is behind a load balancer or NAT device that hides the client IP addresses, and the LB/NAT device sends the client IP addresses using the Proxy Protocol.
Proxy Protocol support was added starting with version 7.3.2.1.
The DNS, HTTP, HTTPS, RTSP, SOCKS, SSL, TCP, and Telnet services now include an "Expect Proxy Protocol" option.
When enabled, the appliance looks for the originating IPv4 or IPv6 addresses in the Proxy Protocol request header. The IP address is used for the effective client IP address in policy; refer to the Visual Policy Manager Reference or Content Policy Language Reference for more information.
- If the "Expect Proxy Protocol" option is enabled and EdgeSWG/ProxySG does not receive a PP header, the proxy processes the web request normally.
- If the "Expect Proxy Protocol" option is disabled and EdgeSWG/ProxySG receives a PP header after the TCP 3-way handshake, the connection may fail because the proxy expects an HTTP request after the TCP 3-way handshake.
The appliance terminates the incoming Proxy Protocol header and does not forward it to the Origin Content Server (OCS). This is by design: the ProxySG acts as the Proxy Protocol endpoint, not a passthrough.
In the CLI, configure Expect Proxy Protocol with the following command:
# (config proxy_service_name) attribute expect-proxy-protocol {disable | enable}
EdgeSWG/ProxySG supports versions 1 and 2 of the Proxy Protocol.
To learn about the Proxy Protocol, refer to https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
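The following Python example is added here and is not appliance or vendor code: it parses the version 1 (text) and version 2 (binary) headers defined in the specification above and returns the source address a receiver would use as the client IP, or reports that no header is present when the stream starts with an ordinary request. The function name, return shape and sample bytes are assumptions constructed for illustration.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte v2 signature from the spec
# Constructed samples using documentation address ranges, not captured traffic.
SAMPLE_V1 = b"PROXY TCP4 192.0.2.10 198.51.100.1 56324 443\r\nGET / HTTP/1.1\r\n"
SAMPLE_V2 = (V2_SIG + b"\x21\x11\x00\x0c" + bytes([192, 0, 2, 10, 198, 51, 100, 1])
             + struct.pack("!HH", 56324, 443) + b"GET / HTTP/1.1\r\n")

def parse_proxy_header(data: bytes):
    """Return (version, source_ip, source_port, header_length).

    version is None when no PROXY header leads the stream; the source fields
    are None for v1 UNKNOWN, v2 LOCAL and non-IP address families.
    """
    if data.startswith(V2_SIG):
        if len(data) < 16:
            raise ValueError("truncated v2 header")
        ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
        if ver_cmd >> 4 != 2 or ver_cmd & 0x0F > 1:
            raise ValueError("unsupported v2 version or command")
        end = 16 + length
        if len(data) < end:
            raise ValueError("truncated v2 address block")
        body = data[16:end]
        if ver_cmd & 0x0F == 0:                   # LOCAL, e.g. a health check
            return 2, None, None, end
        addr_len = {1: 4, 2: 16}.get(fam >> 4)    # AF_INET / AF_INET6
        if addr_len is None or len(body) < 2 * addr_len + 4:
            return 2, None, None, end
        src = ipaddress.ip_address(body[:addr_len])
        (sport,) = struct.unpack("!H", body[2 * addr_len:2 * addr_len + 2])
        return 2, str(src), sport, end
    if data.startswith(b"PROXY "):
        eol = data.find(b"\r\n", 0, 107)          # v1 line is at most 107 bytes
        if eol == -1:
            raise ValueError("unterminated v1 header")
        parts = data[:eol].decode("ascii").split(" ")
        if parts[1] == "UNKNOWN":
            return 1, None, None, eol + 2
        if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
            raise ValueError("malformed v1 header")
        src = ipaddress.ip_address(parts[2])      # rejects invalid addresses
        return 1, str(src), int(parts[4]), eol + 2
    return None, None, None, 0                    # no header: request follows
```

The returned header length marks where the application payload begins, which is the part a terminating endpoint passes on after consuming the header.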