FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description Since the release of FortiOS 6.2, the FortiOS proxy daemon (WAD) will strip domain names from usernames when domain is specified with backslash (DOMAIN\username). This behavior allows matching of locally defined users before contacting remote authentication servers. As a consequence of this behavior, the domain name is stripped from event logs, traffic logs as well as from RADIUS Access-Request and Accounting messages.
Example for illustration. This article shows that when a user 'OS\denmark.user1' authenticates on explicit proxy, the domain name is stripped out completely.
Proxy Authentication Form
Resulting Proxy User List
Resulting Firewall User List
Resulting Forward Traffic Log
Solution In cases where the domain name needs to be preserved in forward traffic logs and RADIUS messages, the users will need to specify the username with forward slash (DOMAIN/username) or in UPN format (username@DOMAIN).
Example for illustration: This example shows that when the same user 'Denmark.User1' authenticates as 'OS/denmark.user1' or 'denmark.user1@OS', the domain name is preserved in the firewall user list, forward traffic logs, RADIUS messages, etc.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.