10-14-2023 11:20 PM
Dear Team,
We are planning to implement a DLP solution in our infrastructure, and the DLP solution will act as a proxy for the internet traffic.
In this case, the DLP solution will x-forward the traffic to the internet with the original IP address by adding a header in the packet field, so we want to check whether this feature is supported in the Cisco ASA firewall to read the x-forwarded packets from the DLP solution.
Br,
Shine
10-15-2023 12:38 AM
Cisco ASA firewall to read the x-forwarded packets
Not sure what the use case is here for the ASA needing to know the x-forward address. In most cases when you proxy the traffic, the ASA sees the proxy IP as the source address (most cases) and makes a decision about what is to be done based on the sources in a simple ASA deployment,
unless you have other modules like IPS or any HTTP inspection enabled.
10-15-2023 02:10 AM
Dear Balaji,
Thanks for your reply.
Just one question: can the ASA pull the original client IP from the x-forwarded packets?
We have ACP rules based on the original IP.
10-15-2023 04:04 AM
What information your DLP proxy sends to the ASA is very important.
The ASA itself cannot see that inside IP information (personally, I believe) until you decrypt the inside information.