Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
suzuki_todd
New Contributor

Admin account shows as source on Forward Traffic logs

I was looking at the forward traffic logs on our firewall and I saw one of our administrator accounts was listed as the source for a particular endpoint. The admin was not logged in, only one user was currently logged in, computer has been rebooted a number of times since I first saw this and this admin account is still linked as the source for this computer.

 

The source entry appears to get its information from FortiClient?

 

 

 

1 REPLY 1
johnathan
Staff
Staff

How are you doing authentication on your firewall; did the user have to authenticate before being allowed to generate traffic? Any FSSO? Is the user connected via VPN?

"Never trust a computer you can't throw out a window."
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors