Fortigate 40F Source users

Forum|Forum|4 years ago
April 26, 2022
1 reply
4958 views

Hi,

I've got a Fortigate 40F and the source objects you can see on the logs/fortiview they don't match the current user. It's like it's showing maybe the first user that connected with that IP, but it's not updating.

I've got it connected with LDAP.

How can I make it update the names so they are correct on the logs?

Thanks,

Albert

FortiGate

Best answer by Debbie_FTNT

Hey AAguilo,

FortiGate might simply not see different user information through device detection. Any user information via device detection is a guess at best, based on what information FortiGate was passively able to detect.

A somewhat more thorough explanation: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-unauthuser-and-unauthusersource/ta-p/202750

There isn't really a way for FortiGate to forcibly update the user information.

You can delete the device entry via CLI (dia user device del <MAC address>), but that's about it, and FortiGate might start filling in different user information found through device detection.

seshuganesh

Staff

Hi Team,

I understood your query.

Could you please let us know what is the IP address associated with that user under dashboard >>users and devices
Is it updating there?

Please keep us posted

AAguiloAuthor

Explorer

The IP's are correct and the hostnames are correct. The only thing it's not updating is the username. And it's showing the wrong user everywhere, on the logs, on the dashboards...

seshuganesh

Staff

May i know how the user is getting authenticated with the firewall?

Is it only through device identification or through any other authentication mechanism like captive portal or FSSO?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded