In addition to XFF header usage in security
policy, you can view the XFF IP address in various logs, reports,
and the Application Command Center (ACC) to aid in monitoring and
troubleshooting. You can add the X-Forwarded-For column to Traffic,
Threat, Data Filtering, and Wildfire Submissions logs.
For
non-URL Filtering logs, XFF IP logging is supported only when packet
capture is not enabled.
The X-Forwarded-For IP
column does not display a value if the firewall detects a threat
that requires a reset action (reset-client, reset-server, or reset-both)
and the last inspected packet does not contain the XFF header.
To
view the XFF IP address in your logs, complete the following steps.