X-FORWARDED-FOR Feature in PAN-OS 6.1 and later.

X-FORWARDED-FOR Feature in PAN-OS 6.1 and later.

Created On 09/25/18 19:20 PM - Last Modified 02/07/19 23:34 PM






X-Forwarded-For is the header field option that preserves the IP address of the user who requested the web page. It allows the identification of the IP address of the user particularly if there is a proxy server on the network, where all requests might seem to originate from the proxy server’s IP address.


This feature is used when to see the client IP address. When the web traffic is coming via a proxy server, the source IP address of the proxy server under URL filtering logs is seen. Once this feature is enabled the client IP address can be seen under URL filtering logs ( x-forwarded-for column).



This feature must be enabled on a proxy server and on the Palo Alto Networks firewall. The proxy server will add “x-forwarded-for” in the GET request from the client and client IP address to this field. When the firewall receives the GET request, it will look for the “x-forwarded-for” field to check client IP address and populate it under URL filtering log.


Example configuration

  1. Create a proxy server with IP address
  2. Enable X-FORWARDED-FOR on the proxy server.
    The default gateway is the firewall inside interface (TRUST) –
    IPv4 Address. . . . . . . . . . . :
    Subnet Mask . . . . . . . . . . . :
    Default Gateway . . . . . . . . . :
  3. TRUST PC as with proxy configured in IE browser.
  4. Enable X-FORWARDED-FOR on the firewall under URL filtering profile used in a security policy.


Example flow

  1. Initiate web traffic for the website www.icicibank.com from the client with IP address
  2. The traffic reached proxy server
  3. Proxy server will add the field “X-FORWARDED-FOR” in the GET request from the client.
  4. When the GET request reached firewall, the firewall will check the “X-FORWARDED-FOR” field and populate the same under URL filtering logs.

    In the above log snapshot, the client IP address is displayed as under the “x-forwarded-for” column along with source IP address as (Proxy Server).


owner: rsingh


Additional Information

  • Print
  • Copy Link


Choose Language