Device Detection - Incorrect user matched with device

Is your LAN default gateway in your switching stack or the FG Internal?  We route in our stack with a dedicated interface to the FG Internal.  This masks the MACs (because you are routing between segments) and causes problems such as this.  I just deployed 5.2.2 haven't had a chance to see if the found some other way to do the mapping.

Hi Dave

No, we don't have any later 3 switches, the FG is the gateway, thanks for the suggestion.

We have held off on the upgrade to 5.22

Its very strange / misleading from a reporting perspective.

Anyone else out there getting results like this ?

We suspect it might be the FSSO agent on AD... that will report an IP/ username to the FG which is perfect.

However when someone connects to the network from a non windows device...e.g Android phone they dont have to login to get an IP address.... I suspect that the FG just assumes that the same user who had  that IP in the past is now the person "logged in" to the android device which is not possible / untrue.

Other devices (e.g VOIP phones) are being reported as windows devices and sometimes have an AD username associated with them which is incorrect.

The trouble is we use user / device based profiles for access control and restriction 

Anyone any suggestions ? (Perhaps its the way we have the FSSO agent configured?)