How to Send XFF To Palo Alto

Hi Expert ,

I would like to know about now we have deploy reverse proxy front of Firewall Palo alto If we need to visibility Original ip from reverse proxy of cloudflare insert x-foward-for to Palo alto how to do and on the Palo alto side should be enable loggig XFF too and should be decrytion ssl in case traffic as encryption .

Thank you

Cloudflare send the XFF by default on all requests. It is recommended to use the CF-Connecting-IP header to restore the client IP Iā€™m these situations.

1 Like

Hi @michael

Thank for your response I have a littele bit question on the Firewall side should be decreytion traffic from reverse proxy in case need to see x-foward-for ?

Yes, you will need to decrypt to inspect the headers. However, as the key you need is the origin server key, this should be accessible to you.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.