Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Totologie
New Contributor

Created on ‎04-21-2022 02:26 PM

User in report without any ldap settings

Hello

 

I have a client who use FAZ and ask me a question :

I have weekly a report High Bandwidth Application Usage.
In this report, we notice that :

 

image001.png

 

"NOCLUGNA" is a user on his network. But he has 45 other users on the network.

I guess they are in the remaining 99,8%

 

But do you have any idea why only this user emerges in this report and not the other ?? :\

 

I read several articles about that. They often talk about LDAP configuration, but in his firewall there is no LDAP configuration :\

 

If someone has an idea or can explain to me

 

Best regards

 

 

 

AB
AB
Labels:
944
0 Kudos
2 REPLIES 2
seshuganesh
Staff
Staff

Created on ‎04-21-2022 11:48 PM

Hi Team,

 

Only if the user information comes to firewall some or other way, it will show in forward traffic logs.

From there reports will be generated.

If there is no ldap, may be users are logged in through captive portal local users or through FSSO or any other authentication mechanism.

Please check and keep us posted

890
0 Kudos
Debbie_FTNT
Staff
Staff

Created on ‎04-22-2022 12:54 AM

Hey Totologie,

if there is no authentication setup on the FortiGate at all, then user information may come from device detection.

You can verify in the raw logs if the user information comes from authentication activity or device detection

-> if the username is logged in 'user' field, then the information comes from some kind of authentication (captive portal, FSSO - though then the name would be in capital letters, VPN, etc)

-> if the username is logged in 'unauthuser' field, then the information comes from device detection and there's not much we can do about that

We have a KB on device detection and unexpected usernames:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-unauthuser-and-unauthusersource/ta-p...

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
886
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.