- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
User in report without any ldap settings
Hello
I have a client who use FAZ and ask me a question :
I have weekly a report High Bandwidth Application Usage.
In this report, we notice that :
"NOCLUGNA" is a user on his network. But he has 45 other users on the network.
I guess they are in the remaining 99,8%
But do you have any idea why only this user emerges in this report and not the other ?? :\
I read several articles about that. They often talk about LDAP configuration, but in his firewall there is no LDAP configuration :\
If someone has an idea or can explain to me
Best regards
- Labels:
-
FortiAnalyzer
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Team,
Only if the user information comes to firewall some or other way, it will show in forward traffic logs.
From there reports will be generated.
If there is no ldap, may be users are logged in through captive portal local users or through FSSO or any other authentication mechanism.
Please check and keep us posted
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Totologie,
if there is no authentication setup on the FortiGate at all, then user information may come from device detection.
You can verify in the raw logs if the user information comes from authentication activity or device detection
-> if the username is logged in 'user' field, then the information comes from some kind of authentication (captive portal, FSSO - though then the name would be in capital letters, VPN, etc)
-> if the username is logged in 'unauthuser' field, then the information comes from device detection and there's not much we can do about that
We have a KB on device detection and unexpected usernames: