Guest

Preview Tool

Cisco Bug: CSCuj12923 - ENH - XFF/Proxy-Chaining Support on ASA

Last Modified

Apr 15, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.1(2.7) 9.10(1.220)

Description (partial)

Symptom:
Enhancement request is for the the support of 'X-Forward-For' XFF or proxy chaining. 

Need the FW to bring them the visibility of the internal user src IP address when there are devices present in the path towards the firewall that modify the source IP - such as a load-balancer.

Without XFF support in the firewall, the user original src IP is lost.

Conditions:
A user connected in a branch office uses a proxy PAC to get to a load balancer; the local breakout firewall send this traffic to the load-balancer using IPsec and NAT. 
Without XFF support in the firewall, the user original src IP is lost.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.