Skip to main content
IvarR
IvarR
New Member
May 27, 2025
Question

Fortigate logs - kerberos srcname

  • May 27, 2025
  • 3 replies
  • 1041 views

Hello,

I have weird issue where if "device identification" is enabled on interface and Fortigate gets hostname information from kerberos traffic it adds some spaces after the hostname. It can also be seen from 'diagnose user device' command like this:

vd root/0 54:e1:ad:xx:xx:xx gen 390881 req 0
created 7078125s gen 83715 seen 1637670s SW123 gen 15618
ip 192.168.10.123 src arp
os 'Windows' src http id 1444 weight 130
software version '10' src http id 1444 weight 130
host 'PC-TEST123456   ' src kerberos
user 'test.user' src kerberos

 

It always seems to add spaces so field is 16 characters long.

Is this issue with Fortigate or something with way Windows communicates through kerberos? Haven't been able to figure this out myself.

3 replies

Stephen_G
Moderator
Stephen_G
Moderator
May 29, 2025

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

If anyone has any advice to contribute, please do!


Thanks,

Stephen_G - Fortinet Community Team
Stephen_G
Moderator
Stephen_G
Moderator
June 5, 2025

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP. If anyone else has any information, please feel free to contribute it!


Thanks,

Stephen_G - Fortinet Community Team
ebilcari
Staff
ebilcari
Staff
June 5, 2025

Try to reproduce the behavior after enabling this debug:

# diag debug application cid -1

# diag debub ena

Emirjon
    Terms & ConditionsAccessibility statement