I am an admin and one of the client for the company that I am working for, is visiting websites that he/she should not.
From the FortiGate 80F's log, I can see that his/her action has been blocked by my Web-Filter but I would really like to know who this person is.
Is there a way to find this out?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @FortiUser5,
In the logs, you should be able to see the source IP address. You can check on the Dashboard > Assets & Identities > Assets > You should be able to see the MAC address.
Regards,
Hey FortiUser5,
please note that if you have a layer3 switch in between the FortiGate and that user, the MAC address may not actually be accurate.
Depending on what device the user is on, the MAC address might also be randomly generated.
If there is no switch in between, and the device in question does NOT randomize MAC addresses, then yes you can get the detected MAC address from traffic log (there should be a matching one for the web-filter log, simply search for traffic logs with same session ID).
If there is an L3 switch in between, then you can instead check DHCP server records to find who requested that IP, and get the MAC address from there (depending on how long ago this was).
Again, this might not work if the device in question randomizes MAC addresses.
Aside from that, you can only really make changes to detect the user going forward, like enforcing some kind of authentication (FSSO might be an option if you're in a Windows AD environment and want the authentication to be passive, without user input required), so that users are logged in the future.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.