I was looking at the forward traffic logs on our firewall and I saw one of our administrator accounts was listed as the source for a particular endpoint. The admin was not logged in, only one user was currently logged in, computer has been rebooted a number of times since I first saw this and this admin account is still linked as the source for this computer.
The source entry appears to get its information from FortiClient?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
How are you doing authentication on your firewall; did the user have to authenticate before being allowed to generate traffic? Any FSSO? Is the user connected via VPN?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.