FortiAnalyzer reports with username.

Report Inappropriate Content · ‎10-29-2008

Hi, So I managed (after much pain) to get FSAE working and LDAP on our FortiGate, I can run a few commands through the CLI to see who is logged in against what IP (diag debug authd fsae list). The only problem is, is that the reports generated by the FortiAnalyzer are still only showing with the users IP address. Ive configured LDAP on the Analyzer which shows the user groups fine. Looking at the Analyzer' s live log viewer, the messages are showing user=" N/A" etc.

itime=1225324741 date=2008-10-30 time=11:57:38 ~ type=webfilter subtype=ftgd pri=notice vd=root policyid=20  user=" N/A"  group=" N/A"  src=**.**.**.** sport=1362 src_int=" internal"  dst=209.85.201.189 dport=80 dst_int=" wan1"  service=" http"  method=" domain"  cat=23 cat_desc=" Web-based Email"

Where am I going wrong, starting to get really frustrated with this.

rwpatterson · ‎10-29-2008

Welcome to the forums. I' m not sure about LDAP, but for user names and FSAE you have to enable (but not necessarily use) DHCP on the workstations, and in the NIC setting, enable ' Register DNS suffix...' . That worked for me, after too much hair pulling...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Report Inappropriate Content · ‎10-29-2008

I' ve enabled that setting on my laptop, see if it picks it up by tomorrows report, a run a on demand report, no love. Does the FSAE authorisation have to be on at the firewall, FSAE is there, collecting the information, but it isnt enabled for instance, on the Internal -> WAN policy. Reason being, is thats another problem we' ve had, enabled the authorisation and no-one can access the internet.

rwpatterson · ‎10-30-2008

Yes, it must be enabled on the policy. Select guest access to match the authorized access on the same policy. We have yet to roll this out company wide because of similar issues. It was put way down on the back burner.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Report Inappropriate Content · ‎10-30-2008

All working now, wonderful, now for some testing. Need to get rid of the " Authenticated, redirecting in....." message now >.<

p768 · ‎10-31-2008

try upgrading to 3.00 mr6 patch3

Report Inappropriate Content · ‎11-07-2008

Hi, I also installl fortinet analyzer 2 weeks ago and the goal of having this is see how are users web traffic activity and run report against domain users NOT ip addresses. But when I run report, it only shows the ip addresses. could you please point me in the right direction. 1. Do I need to configure LDAP on FortinAnalyzer 100B as well as Fortinet100A. Appreciate your help. thanks

Report Inappropriate Content · ‎11-19-2008

Same here We would also need some pointing :O) Have FSAE setup and firewall is logging users. Now I we need to get it working with the Analyzer

rwpatterson · ‎11-19-2008

If the policy uses FSAE, then you should be getting user names in the FAZ.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Report Inappropriate Content · ‎12-08-2008

Yes but are there any nice walkthrough on how to set it up?

FortiAnalyzer reports with username.

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website