Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Add Proxy IP Addresses for SRX Series Firewalls to ATP Appliance

If there is a proxy server between the endpoint device and the SRX Series Firewall, the session data sent from the SRX Series to ATP Appliance will have the proxy IP address as the endpoint IP address. Therefore ATP Appliance may incorrectly identify the proxy IP address as the endpoint address.

By adding the proxy IP addresses to the ATP Appliance UI and making ATP Appliance aware of them, the correct endpoint IP addresses can be obtained from the X-forwarded-for (XFF) header. ATP Appliance can then use the trusted proxy IP address to validate the proxy IP address from the X-forwarded-for field and replace the real endpoint IP address.

To add proxy IP addresses to ATP Appliance:

  1. Login to the ATP Appliance UI.
  2. Select Config > System Profiles > SRX Settings.
  3. Select the SRX Series device and click Edit as shown in Figure 1.
    Figure 1: Enrolled Devices PageUser interface for managing enrolled devices showing details for kalsrv3: SRX V3, hostname kals, Default Zone, VSRX-S, OS 18.4X5.2, enabled with a green checkmark, not online with a red X. Includes Edit and Delete buttons.

    The Update SRX Series Firewall Info page is displayed as shown in Figure 2.

  4. Add the proxy IP address or addresses and click Submit.
    Figure 2: Update SRX Series Firewall Info PageForm titled Update SRX Device Info with fields for Name kals, Proxy IPs 1.2.3.4, 2.3.4.5, Description SRX V3, Zone Default Zone, and a green Submit button.

Related Documentation