X-Forwarded-For from firewall should be sending the external IP of the incoming connection.
X-Forwarded-For is being overwritten by the firewall, so our internal servers cannot check the external IP of the incoming connection.
This is a requirement of both business logic and PCI requirements, and the firewall should be sending the external real IP instead of its own IP to the internal servers.
Jim Keane commented
I am having the same issue. Client -> VNET F/W -> AGW -> VM (IIS). HTTP_X_FORWARDED_FOR contains only the IP:Port of the VNET F/W.
Note: this is a VNET F/W, *not* an NSG
Patrick Ghosn commented
@_JJ_ yes but it's returning the firewall IP, not the source connection IP.
It works for us - we see X-Forwarded-For OK, but we use X_FORWARDED_FOR on our platform.
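A server-side check for the condition reported in this thread, as an added example that is not code from any poster or from the product: it parses X-Forwarded-For entries (including the IP:Port form mentioned above), walks the chain right to left past known proxies, and reports when only proxy addresses remain. The trusted range, the function names and all sample addresses are constructed assumptions.

```python
import ipaddress

# Assumption: the firewall and application gateway sit in this constructed range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def parse_hop(token):
    """Parse one entry: 'ip', 'ipv4:port', '[ipv6]' or '[ipv6]:port'."""
    token = token.strip()
    if token.startswith("["):            # bracketed IPv6, optional :port
        token = token[1:token.index("]")]
    elif token.count(":") == 1:          # IPv4 with a port appended
        token = token.split(":")[0]
    return ipaddress.ip_address(token)   # raises ValueError on junk


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(xff_header, peer_ip):
    """Return (ip, status) for a request.

    The chain is the header entries followed by the TCP peer. Walking it
    right to left, the first address that is not one of our proxies is the
    client. Entries further left are client-supplied and never trusted.
    """
    hops = [h for h in (xff_header or "").split(",") if h.strip()]
    for token in reversed(hops + [peer_ip]):
        try:
            ip = parse_hop(token)
        except ValueError:
            return None, "malformed"
        if not is_trusted(ip):
            return str(ip), "ok"
    # Every hop was one of our own proxies: an upstream device replaced the
    # header instead of appending to it, so the external address is gone.
    return None, "client-ip-lost"


if __name__ == "__main__":
    # Constructed samples: (X-Forwarded-For value, TCP peer address)
    samples = [
        ("203.0.113.7:50432, 10.1.0.4:1024", "10.2.0.5"),  # header preserved
        ("10.1.0.4:1024", "10.2.0.5"),                     # only the firewall
        ("198.51.100.9, 203.0.113.7, 10.1.0.4", "10.2.0.5"),  # spoofed first entry
    ]
    for xff, peer in samples:
        print(f"{xff!r:45} -> {client_ip(xff, peer)}")
```

Logging the "client-ip-lost" status per request gives a direct measure of how much traffic arrives without a usable external address.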