Hi,
I've got a Fortigate 40F and the source objects you can see on the logs/fortiview they don't match the current user. It's like it's showing maybe the first user that connected with that IP, but it's not updating.
I've got it connected with LDAP.
How can I make it update the names so they are correct on the logs?
Thanks,
Albert
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hey AAguilo,
FortiGate might simply not see different user information through device detection. Any user information via device detection is a guess at best, based on what information FortiGate was passively able to detect.
A somewhat more thorough explanation: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-unauthuser-and-unauthusersource/ta-p...
There isn't really a way for FortiGate to forcibly update the user information.
You can delete the device entry via CLI (dia user device del <MAC address>), but that's about it, and FortiGate might start filling in different user information found through device detection.
Hi Team,
I understood your query.
Could you please let us know what is the IP address associated with that user under dashboard >>users and devices
Is it updating there?
Please keep us posted
The IP's are correct and the hostnames are correct. The only thing it's not updating is the username. And it's showing the wrong user everywhere, on the logs, on the dashboards...
May i know how the user is getting authenticated with the firewall?
Is it only through device identification or through any other authentication mechanism like captive portal or FSSO?
Only through device identification. It's set up at the users interfaces with the "device detection" setting
Hey AAguilo,
FortiGate might simply not see different user information through device detection. Any user information via device detection is a guess at best, based on what information FortiGate was passively able to detect.
A somewhat more thorough explanation: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-unauthuser-and-unauthusersource/ta-p...
There isn't really a way for FortiGate to forcibly update the user information.
You can delete the device entry via CLI (dia user device del <MAC address>), but that's about it, and FortiGate might start filling in different user information found through device detection.
Thank you for this explanation, i thought the device identification would update the information. Knowing this i will just delete the devices having this issue so they can be identified again.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.