Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Add Proxy IP Addresses for SRX Series Firewalls to ATP Appliance

If there is a proxy server between the endpoint device and the SRX Series Firewall, the session data sent from the SRX Series to ATP Appliance will have the proxy IP address as the endpoint IP address. Therefore ATP Appliance may incorrectly identify the proxy IP address as the endpoint address.

By adding the proxy IP addresses to the ATP Appliance UI and making ATP Appliance aware of them, the correct endpoint IP addresses can be obtained from the X-forwarded-for (XFF) header. ATP Appliance can then use the trusted proxy IP address to validate the proxy IP address from the X-forwarded-for field and replace the real endpoint IP address.

To add proxy IP addresses to ATP Appliance:

  1. Login to the ATP Appliance UI.
  2. Select Config > System Profiles > SRX Settings.
  3. Select the SRX Series device and click Edit as shown in Figure 1.
    Figure 1: Enrolled Devices PageEnrolled Devices Page

    The Update SRX Series Firewall Info page is displayed as shown in Figure 2.

  4. Add the proxy IP address or addresses and click Submit.
    Figure 2: Update SRX Series Firewall Info PageUpdate SRX Series Firewall Info Page

Related Documentation