Skip to main content
A
Anonymous_User
Contributor
October 30, 2008
Question

FortiAnalyzer reports with username.

  • October 30, 2008
  • 8 replies
  • 8649 views
Hi, So I managed (after much pain) to get FSAE working and LDAP on our FortiGate, I can run a few commands through the CLI to see who is logged in against what IP (diag debug authd fsae list). The only problem is, is that the reports generated by the FortiAnalyzer are still only showing with the users IP address. Ive configured LDAP on the Analyzer which shows the user groups fine. Looking at the Analyzer' s live log viewer, the messages are showing user=" N/A" etc. 
itime=1225324741 date=2008-10-30 time=11:57:38 ~ type=webfilter subtype=ftgd pri=notice vd=root policyid=20  user=" N/A"  group=" N/A"  src=**.**.**.** sport=1362 src_int=" internal"  dst=209.85.201.189 dport=80 dst_int=" wan1"  service=" http"  method=" domain"  cat=23 cat_desc=" Web-based Email"
Where am I going wrong, starting to get really frustrated with this.

    8 replies

    rwpatterson
    rwpatterson
    New Member
    October 30, 2008
    Welcome to the forums. I' m not sure about LDAP, but for user names and FSAE you have to enable (but not necessarily use) DHCP on the workstations, and in the NIC setting, enable ' Register DNS suffix...' . That worked for me, after too much hair pulling...
    A
    Anonymous_UserAuthor
    Contributor
    October 30, 2008
    I' ve enabled that setting on my laptop, see if it picks it up by tomorrows report, a run a on demand report, no love. Does the FSAE authorisation have to be on at the firewall, FSAE is there, collecting the information, but it isnt enabled for instance, on the Internal -> WAN policy. Reason being, is thats another problem we' ve had, enabled the authorisation and no-one can access the internet.
    rwpatterson
    rwpatterson
    New Member
    October 30, 2008
    Yes, it must be enabled on the policy. Select guest access to match the authorized access on the same policy. We have yet to roll this out company wide because of similar issues. It was put way down on the back burner.
    A
    Anonymous_UserAuthor
    Contributor
    October 30, 2008
    All working now, wonderful, now for some testing. Need to get rid of the " Authenticated, redirecting in....." message now >.<
    p768
    p768
    New Member
    October 31, 2008
    try upgrading to 3.00 mr6 patch3
    A
    Anonymous_UserAuthor
    Contributor
    November 7, 2008
    Hi, I also installl fortinet analyzer 2 weeks ago and the goal of having this is see how are users web traffic activity and run report against domain users NOT ip addresses. But when I run report, it only shows the ip addresses. could you please point me in the right direction. 1. Do I need to configure LDAP on FortinAnalyzer 100B as well as Fortinet100A. Appreciate your help. thanks
    A
    Anonymous_UserAuthor
    Contributor
    November 19, 2008
    Same here We would also need some pointing :O) Have FSAE setup and firewall is logging users. Now I we need to get it working with the Analyzer
    rwpatterson
    rwpatterson
    New Member
    November 19, 2008
    If the policy uses FSAE, then you should be getting user names in the FAZ.
    A
    Anonymous_UserAuthor
    Contributor
    December 8, 2008
    Yes but are there any nice walkthrough on how to set it up?
    A
    Anonymous_UserAuthor
    Contributor
    January 9, 2009
    Yes all info is there in the log but I' ve still not managed to get this working. please help
    Terms & ConditionsAccessibility statement