The XFF header (X-Forwarded-For) is not added to web traffic when Security Gateway is in Transparent Mode
Symptoms
  • HTTP/HTTPS transparent proxy is enabled on the Security Gateway with the XFF header option enabled, but the next hop device does not see the XFF header on the traffic.
  • Debugs on the gateway (fw ctl debug -m fw conn drop packet packval and fw ctl debug -m WS + all) show:

    [cpu_X];[fwY_Z];###:{module} fw_http_proxy_inspection: not internal interface X.X.X.X not match to proxy;
Cause

The incoming interface for web traffic is not defined as "internal", which makes the traffic ineligible for the XFF header.
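To see which addresses hit this condition in a saved debug capture, the following added example (not Check Point code) scans for the message shown under Symptoms and tallies it per address and per firewall instance. The sample lines are constructed, and the concrete values used in place of the X, Y, Z, ### and {module} placeholders are assumptions.

```python
import re
from collections import Counter

# The message text is taken from the Symptoms section of this page.
MSG = re.compile(
    r"fw_http_proxy_inspection: not internal interface (\S+) not match to proxy"
)
# Optional "[cpu_X];[fwY_Z]" prefix; trimmed lines may not carry it.
INSTANCE = re.compile(r"\[cpu_\d+\];\[(fw\d+_\d+)\]")

def scan(lines):
    """Count matching debug lines per (address in message, firewall instance)."""
    hits = Counter()
    for line in lines:
        msg = MSG.search(line)
        if not msg:
            continue  # unrelated debug output
        inst = INSTANCE.search(line)
        hits[(msg.group(1), inst.group(1) if inst else "unknown")] += 1
    return hits

def per_address(hits):
    """Collapse the per-instance counts into one total per address."""
    totals = Counter()
    for (addr, _inst), count in hits.items():
        totals[addr] += count
    return totals

# Constructed sample input (documentation address ranges, assumed prefix values).
SAMPLE = """\
[cpu_1];[fw4_0];101:{web} fw_http_proxy_inspection: not internal interface 192.0.2.10 not match to proxy;
[cpu_1];[fw4_0];102:{web} unrelated debug line;
[cpu_2];[fw4_1];103:{web} fw_http_proxy_inspection: not internal interface 192.0.2.10 not match to proxy;
[cpu_2];[fw4_1];104:{web} fw_http_proxy_inspection: not internal interface 198.51.100.7 not match to proxy;
fw_http_proxy_inspection: not internal interface 192.0.2.10 not match to proxy;
""".splitlines()

if __name__ == "__main__":
    for addr, count in per_address(scan(SAMPLE)).most_common():
        print(f"{addr}: {count} connection(s) skipped for XFF")
```

Each address reported points at web traffic arriving on an interface that is not defined as "internal", which is the condition described under Cause.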


Solution