FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to view the actual client IP having X-Forwarded enabled.
Scope
FortiProxy.
Solution
Consider this below topology as an example:
Client >> Load balancer(Source is natted here and X-Forwarded is enabled) >> FortiProxy >> Forward Proxy
In traffic logs, it is possible to see the Natted IP as the source. To view the original IP from header, it requires to configure the below settings:
config web-proxy global set learn-client-ip enable set learn-client-ip-from-header true-client-ip x-real-ip x-forwarded-for set learn-client-ip-srcaddr x.x.x.x end
Here 'x' will be the Natted IP of load balancer.
Post these changes and check for client IP in forward traffic logs. The actual source IP of the client should be visible.
