If users on my network want to access the internet, their traffic goes to the proxy first and then to Firepower. The problem is, on my Firepower, the source IP becomes the proxy IP instead of the original IP. I want to change the source IP into the original IP. Is there a way to do this? Thank you
We have the same configuration. We configure the firewall with NAT to translate the inside address to our outside routable address and the reverse. All internal addresses go out the firewall as a single address.
Hi, thanks for the response. I don't quite understand what you mean. So I use my Firepower as an NG-IPS (layer 2 transparent). I have another firewall before that too (Palo Alto).
PC -> Proxy -> Palo Alto -> Firepower -> internet
My Palo Alto and Firepower don't change the source IP address. But my proxy does. So when the traffic goes through my Firepower, all I see is the proxy IP address instead of the original PC IP address. I want to know how my Firepower can see the original IP address. Thank you.
In your FMC or FTD you will create the rule to translate. I'm providing a foundation which you can modify. Hopefully I worded it properly. You should only need the one rule, as the FTDs are stateful and the return traffic should be allowed back in.
OK, similarly your Palo Alto sits in a similar location as our DMZ switch: between the proxy and the firewall. The address coming out of the Palo Alto will feed the firewall. The firewall will translate the IP or IPs into the address that exits your firewall.