By default, the firewall does not log the
source address of a client behind a proxy server, even if you are
using this address from the X-Forwarded-For (XFF) header for user
mapping. Therefore, while you can identify the specific user associated
with a log event, you will not be able to identify the source device
that originated the log event easily. To simplify the debugging
and troubleshooting of events for users behind a proxy server, enable
the X-Forwarded-For option in the URL Filtering profile that you
attach to Security policy rules that allow access to web-based applications.
With this option enabled, the firewall logs the IP address from
the XFF header as the Source address for all traffic that matches
the rule.