Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos WebApp Secure] Sessions showing the load balancer IP address and not actual source/dest IP address in JWAS WebUI sessions page

0

0

Article ID: KB28098 KB Last Updated: 28 Mar 2019Version: 2.0
Summary:
Junos WebApp Secure (JWAS) sessions page shows the information about malicious and non-malicious sessions , the IP address of the attacker, browser, operating system etc. When a load balancer is used along with JWAS, the attacker IP address can show as that of load balancer’s IP address. This KB article provides information as to how to resolve the issue and how to correctly see the actual IP addresses rather than load balancer’s IP.
Solution:
When JWAS, formerly known as Mykonos, is deployed with a third-party load balancer, it need to be configured to accept the X-Forwarded-For header from the load balancer.
If that is not configured, all session IPs on the JWAS appliance will seem to be coming from the load balancer directly.

SSH/Console method:
Run the below command to make JWAS trust the header of the load balancer:
'sudo mykonos-shell config set engine.exclude_forward_addresses <IP_of_Loadbalancer>'

The following screen shot shows an example for CLI method where load balancer 172.22.151.20 has been added as a trusted host



WebUI Method:
On the WebUI of JWAS, Go to Configuration > Security Engine > Security Engine Whitelists.  Select  X-Forwarded-For Address Exclusions, and then Add to enter the IP address of the load balancer.



 
Modification History:
2019-03-25: content re-reviewed for accuracy
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search