Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Totologie
New Contributor

User in report without any ldap settings

Hello

 

I have a client who use FAZ and ask me a question :

I have weekly a report High Bandwidth Application Usage.
In this report, we notice that :

 

image001.png

 

"NOCLUGNA" is a user on his network. But he has 45 other users on the network.

I guess they are in the remaining 99,8%

 

But do you have any idea why only this user emerges in this report and not the other ?? :\

 

I read several articles about that. They often talk about LDAP configuration, but in his firewall there is no LDAP configuration :\

 

If someone has an idea or can explain to me

 

Best regards

 

 

 

AB
2 REPLIES 2
seshuganesh
Staff
Staff

Hi Team,

 

Only if the user information comes to firewall some or other way, it will show in forward traffic logs.

From there reports will be generated.

If there is no ldap, may be users are logged in through captive portal local users or through FSSO or any other authentication mechanism.

Please check and keep us posted

Debbie_FTNT
Staff
Staff

Hey Totologie,

if there is no authentication setup on the FortiGate at all, then user information may come from device detection.

You can verify in the raw logs if the user information comes from authentication activity or device detection

-> if the username is logged in 'user' field, then the information comes from some kind of authentication (captive portal, FSSO - though then the name would be in capital letters, VPN, etc)

-> if the username is logged in 'unauthuser' field, then the information comes from device detection and there's not much we can do about that

We have a KB on device detection and unexpected usernames:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-unauthuser-and-unauthusersource/ta-p...

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++