FortiGate
bpozdena_FTNT
Description
Since the release of FortiOS 6.2, the FortiOS proxy daemon (WAD) strips the domain name from a username when the domain is specified with a backslash (DOMAIN\username).
This behavior allows matching of locally defined users before remote authentication servers are contacted.
As a consequence, the domain name is stripped from event logs and traffic logs, as well as from RADIUS Access-Request and Accounting messages.


Example for illustration:
This example shows that when a user 'OS\denmark.user1' authenticates on the explicit proxy, the domain name is stripped out completely.

[Screenshots: Proxy Authentication Form; Resulting Proxy User List; Resulting Firewall User List; Resulting Forward Traffic Log]


Solution
In cases where the domain name needs to be preserved in forward traffic logs and RADIUS messages, users need to specify the username with a forward slash (DOMAIN/username) or in UPN format (username@DOMAIN).

Example for illustration:
This example shows that when the same user 'Denmark.User1' authenticates as 'OS/denmark.user1' or 'denmark.user1@OS', the domain name is preserved in the firewall user list, forward traffic logs, RADIUS messages, etc.


[Screenshots: Proxy Authentication Form; Resulting Proxy User List; Resulting Firewall User List; Resulting Forward Traffic Log]
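For log correlation, the behaviour described above can be modelled as follows. This is an added example, not Fortinet code: the function names are hypothetical, and it assumes that slash and UPN usernames are logged exactly as entered and that names compare case-insensitively.

```python
from collections import defaultdict

def logged_name(entered: str) -> str:
    """Name expected in logs and RADIUS messages for what the user typed.

    Per the article, WAD (FortiOS 6.2+) strips a backslash-delimited domain.
    Assumption: DOMAIN/username and username@DOMAIN are logged as entered.
    """
    if "\\" in entered:
        return entered.split("\\", 1)[1]
    return entered

def canonical(logged: str):
    """Split a logged name into (domain, user); domain is None if absent."""
    if "/" in logged:
        domain, user = logged.split("/", 1)
    elif "@" in logged:
        user, domain = logged.rsplit("@", 1)
    else:
        domain, user = None, logged
    # Assumption: case-insensitive comparison, as with Active Directory names.
    return (domain.lower() if domain else None, user.lower())

def group_identities(logged_names):
    """Group logged names by bare user name.

    'ambiguous' is True when at least one record carries no domain, so it
    cannot be attributed to a specific domain account from the log alone.
    """
    out = defaultdict(lambda: {"domains": set(), "ambiguous": False})
    for name in logged_names:
        domain, user = canonical(name)
        if domain is None:
            out[user]["ambiguous"] = True
        else:
            out[user]["domains"].add(domain)
    return dict(out)

# Constructed sample: the article's user entering the name in all three formats.
SAMPLE_LOGINS = ["OS\\denmark.user1", "OS/denmark.user1", "Denmark.User1@OS"]

if __name__ == "__main__":
    logged = [logged_name(x) for x in SAMPLE_LOGINS]
    print(logged)
    print(group_identities(logged))
```

Records flagged as ambiguous are the ones to review when two domains contain the same account name.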

