Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AAguilo
New Contributor II

Created on ‎04-26-2022 06:37 AM

Fortigate 40F Source users

Hi,

I've got a Fortigate 40F and the source objects you can see on the logs/fortiview they don't match the current user. It's like it's showing maybe the first user that connected with that IP, but it's not updating.

 

I've got it connected with LDAP.

 

How can I make it update the names so they are correct on the logs?

 

Thanks,

Albert

-- Do it or not, there is no try....in production environments. --
-- Do it or not, there is no try....in production environments. --
Labels:
2349
0 Kudos
1 Solution
Debbie_FTNT
Staff
Staff
In response to AAguilo

Created on ‎04-27-2022 01:23 AM

Hey AAguilo,

FortiGate might simply not see different user information through device detection. Any user information via device detection is a guess at best, based on what information FortiGate was passively able to detect.

A somewhat more thorough explanation: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-unauthuser-and-unauthusersource/ta-p...

There isn't really a way for FortiGate to forcibly update the user information.

You can delete the device entry via CLI (dia user device del <MAC address>), but that's about it, and FortiGate might start filling in different user information found through device detection.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

View solution in original post

2328
6 REPLIES 6
seshuganesh
Staff
Staff

Created on ‎04-26-2022 06:42 AM

Hi Team,

 

I understood your query.

Could you please let us know what is the IP address associated with that user under dashboard >>users and devices
Is it updating there?

Please keep us posted

2297
0 Kudos
AAguilo
New Contributor II
In response to seshuganesh

Created on ‎04-26-2022 06:46 AM

The IP's are correct and the hostnames are correct. The only thing it's not updating is the username. And it's showing the wrong user everywhere, on the logs, on the dashboards...

AAguilo_0-1650980840778.png

 

 

-- Do it or not, there is no try....in production environments. --
-- Do it or not, there is no try....in production environments. --
2296
0 Kudos
seshuganesh
Staff
Staff
In response to AAguilo

Created on ‎04-26-2022 06:49 AM

May i know how the user is getting authenticated with the firewall?

Is it only through device identification or through any other authentication mechanism like captive portal or FSSO?

 

2294
0 Kudos
AAguilo
New Contributor II
In response to seshuganesh

Created on ‎04-26-2022 07:00 AM

Only through device identification. It's set up at the users interfaces with the "device detection" setting

-- Do it or not, there is no try....in production environments. --
-- Do it or not, there is no try....in production environments. --
2291
0 Kudos
Debbie_FTNT
Staff
Staff
In response to AAguilo

Created on ‎04-27-2022 01:23 AM

Hey AAguilo,

FortiGate might simply not see different user information through device detection. Any user information via device detection is a guess at best, based on what information FortiGate was passively able to detect.

A somewhat more thorough explanation: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-unauthuser-and-unauthusersource/ta-p...

There isn't really a way for FortiGate to forcibly update the user information.

You can delete the device entry via CLI (dia user device del <MAC address>), but that's about it, and FortiGate might start filling in different user information found through device detection.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
2329
AAguilo
New Contributor II
In response to Debbie_FTNT

Created on ‎04-27-2022 01:28 AM

Thank you for this explanation, i thought the device identification would update the information. Knowing this i will just delete the devices having this issue so they can be identified again.

-- Do it or not, there is no try....in production environments. --
-- Do it or not, there is no try....in production environments. --
2279
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.