How to enable "X-Forwarded-For" for traffics forwarded from Imperva Cloud WAF on CheckPoint firewall

Thammarit — Thu, 07 Dec 2023 10:49:25 GMT

Hi everyone,

I'm looking for help to guide the customer configuring Checkpoint firewall to properly handle "X-Forwarded-For" headers for traffic forwarded from Imperva Cloud WAF. My goal is to ensure accurate client IP logging and visibility into the origin of incoming requests.

Current Setup:

Firewall: Checkpoint Firewall
WAF: Imperva Cloud WAF

Desired Outcome:

"X-Forwarded-For" header containing the original client IP is correctly forwarded by Imperva WAF and received by the Checkpoint firewall.
Client IP information is accurately logged in the Checkpoint firewall logs for analysis.

Questions:

What specific configuration changes are needed on the Checkpoint firewall to enable "X-Forwarded-For" for Imperva Cloud WAF traffic?

Any guidance or insights from experienced users would be greatly appreciated.

Re: How to enable "X-Forwarded-For" for traffics forwarded from Imperva Cloud WAF on Check

PhoneBoy — Thu, 14 Dec 2023 20:54:45 GMT

In order for the gateway to even see the XFF header, you'll need to have App Control and HTTPS Inspection enabled.
The rule the traffic matches might need to include actions that require App Control (including the use of "Detailed" or "Extended" logging).

topic Re: How to enable "X-Forwarded-For" for traffics forwarded from Imperva Cloud WAF on Check in Firewall and Security Management

How to enable "X-Forwarded-For" for traffics forwarded from Imperva Cloud WAF on CheckPoint firewall

Re: How to enable "X-Forwarded-For" for traffics forwarded from Imperva Cloud WAF on Check