Cisco Bug: CSCuj12923 - ENH - XFF/Proxy-Chaining Support on ASA
Apr 15, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: Enhancement request is for the the support of 'X-Forward-For' XFF or proxy chaining. Need the FW to bring them the visibility of the internal user src IP address when there are devices present in the path towards the firewall that modify the source IP - such as a load-balancer. Without XFF support in the firewall, the user original src IP is lost. Conditions: A user connected in a branch office uses a proxy PAC to get to a load balancer; the local breakout firewall send this traffic to the load-balancer using IPsec and NAT. Without XFF support in the firewall, the user original src IP is lost.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases