Off late our security team is seeing some malicious traffic from few desktops to external IP's. Unfortunately we could see only proxy IP in the firewall logs. what is the best way to get client IP (desktop IP) in proxy logs and FW. Do i need to enable something in MWG so that FW can see client IP in FW? FYI, my MWG ver 7.2.6.
Just some additional information.
Regarding 1.: Please notice that source IP is sensitive information. Maybe you don't want the requests to go out of the company with this information in the header.
Normally, we have the "Remove Privacy Violating Header" rule set in the library. There, the VIA header is removed or set (own value to prevent proxy loops) and the X-Forwarded-For header is removed but this is your decision based on your requirements.
Regarding 3.:Yes, access log can be extended with the URL.Destination.IP address.
Please notice that you would need to add a user-defined column in CSR for example when pushing/pulling log files there.
This must be done since CSR does not know this header by default.
See here under "Table A-2 McAfee Web Gateway header formats": CSR 2.3.0 Product Guide (PD26977)
Please let us know if you have further questions.