With this option enabled, the firewall uses
the IP address in the XFF header for user mapping purposes only.
The source IP address the firewall logs is still that of the proxy
server, not that of the source user. When you see a log event attributed
to a user that the firewall mapped using and IP address extracted
from an XFF header, it can be difficult to track down the specific
device associated with the event. To simplify debugging and troubleshooting
of events attributed to users behind the proxy server, you must
also configure the firewall to populate the X-Forwarded-For column
in the URL Filtering log with the IP address in the XFF header so
that you can track down the specific user and device associated
with an log event that is correlated with the URL Filtering log
entry.
The XFF header your proxy server adds must contain
the source IP address of the end user who originated the request.
If the header contains multiple IP addresses, the firewall uses
the first IP address only. If the header contains information other
than an IP address, the firewall will not be able to perform user
mapping.