Configuring Trusted Proxy Servers
Use this page to add trusted proxy server IP addresses to Juniper ATP Cloud. This feature is optional
Support starting in Junos OS 17.4R1.
Access this page from Configure > Global Configuration >Proxy Servers.
When there is a proxy server between users on the network and a firewall, the firewall might see the proxy server IP address as the source of an HTTP or HTTPS request instead of the actual address of the user making the request.
With this in mind, X-Forwarded-For (XFF) is a standard header added to packets by a proxy server that includes the real IP address of the client making the request. Therefore, if you add trusted proxy servers IP addresses to the list in Juniper ATP Cloud, by matching this list with the IP addresses in the HTTP header (X-Forwarded-For field) for requests sent from the SRX Series devices, Juniper ATP Cloud can determine the originating IP address.
X-Forwarded-For (XFF) only applies to HTTP or HTTPS traffic, and only if the proxy server supports the XFF header.
To add trusted proxy servers to the list, do the following:
- Navigate to Configure > Global Configuration >Proxy Servers.
- Click the + sign.
- Enter the IP address of the proxy server in the available field.
- Click OK.