there are possible ways.
- configure your FW to use X-Forwarded-For http header. This field contains original source IP of the client going via proxy.
- Access.log should already contains field "src_ip" with value of Client.IP
- You can extend Access.log with custom field of value URL.Destination.IP
Just some additional information.
Regarding 1.: Please notice that source IP is sensitive information. Maybe you don't want the requests to go out of the company with this information in the header.
Normally, we have the "Remove Privacy Violating Header" rule set in the library. There, the VIA header is removed or set (own value to prevent proxy loops) and the X-Forwarded-For header is removed but this is your decision based on your requirements.
Regarding 3.:Yes, access log can be extended with the URL.Destination.IP address.
Please notice that you would need to add a user-defined column in CSR for example when pushing/pulling log files there.
This must be done since CSR does not know this header by default.
See here under "Table A-2 McAfee Web Gateway header formats": CSR 2.3.0 Product Guide (PD26977)
Please let us know if you have further questions.