Log the real IP address of the client user - X-For...

This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.

Reject

Preferences

ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ Sign In

Products
Learn
Local User Groups
Partners
- Welcome Partners!
More

Products
Learn
Local User Groups
- Upcoming Events
- Americas
- EMEA
  - Czech Republic and Slovakia
  - Denmark
  - Netherlands
  - Germany
  - Sweden
  - United Kingdom and Ireland
  - France
  - Spain
  - Norway
  - Ukraine
  - Baltics and Finland
  - Greece
  - Portugal
  - Austria
  - Kazakhstan and CIS
  - Switzerland
  - Romania
  - Turkey
  - Belarus
  - Belgium & Luxembourg
  - Russia
  - Poland
  - Georgia
  - DACH - Germany, Austria and Switzerland
  - Iberia
  - Africa
  - Adriatics Region
  - Eastern Africa
  - Israel
  - Nordics
  - Middle East and Africa
  - Balkans
  - Italy
  - Bulgaria
- APAC
  - Korea
  - Mongolia
  - Bangalore
  - Greater China
  - Australia/New Zealand
  - Philippines
  - Japan
  - Singapore
  - India
  - Thailand
  - Taiwan
  - Hong Kong
  - Indonesia
Partners
- Welcome Partners!
More
ABOUT CHECKMATES & FAQ
- About CheckMates & FAQ
- Community Guidelines
Sign In
Leaderboard
Events

Discover the Future of Cyber Security:
What’s New in Check Point’s Quantum R82

Watch Now

Pick the Best of the Best of
CheckMates 2024!

Vote Now!

Share your Cyber Security Insights
On-Stage at CPX 2025

Learn More

Simplifying Zero Trust Security
with Infinity Identity!

Watch Now

Zero Trust Implementation
Help us with the Short-Term Roadmap

Take the Survey

CheckMates Go:
What's New in R82

LISTEN NOW

Create a Post

CheckMates
:
Products
:
CloudMates Products
:
Cloud Network Security
:
Discussion
:
Log the real IP address of the client user - X-For...

Options

Subscribe to RSS Feed
Mark Topic as New
Mark Topic as Read
Float this Topic for Current User
Bookmark
Subscribe
Mute
Printer Friendly Page

cancel

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Are you a member of CheckMates?

Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!

Shay_Levin

Admin

‎2024-06-17 04:11 AM

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

Log the real IP address of the client user - X-Forwarded-For (XFF)

In today’s web environment, many web servers utilize CDNs or application load balancers.

It is beneficial to log the real IP address of the client user rather than the IP address of the CDN or load balancer server.

Fortunately, CDNs and load balancers send requests with the X-Forwarded-For (XFF) header, which includes the real IP of the client user.

We can use the value of the X-Forwarded-For header in our Check Point logs.

When a Check Point Gateway is positioned between a CDN or an application load balancer and your web servers, the gateway will log the private IP address of the load balancer as the source.

In order to see the client user’s real IP on the Check Point logs, follow the below steps:

1. On the Gateway object , enable the application control blade.

2. On the policy , enable application control

3. On the access rule , enable extended logging

4. On the logs , add the field , Proxied Source IP

*** If the session is encrypted , enable HTTPS Inspection on the Gateway and upload the Web Server SSL Private key to the GW, Step by Step Guide is here