Fortinet Community

Totologie · ‎04-21-2022

Hello

I have a client who use FAZ and ask me a question :

I have weekly a report High Bandwidth Application Usage.
In this report, we notice that :

"NOCLUGNA" is a user on his network. But he has 45 other users on the network.

I guess they are in the remaining 99,8%

But do you have any idea why only this user emerges in this report and not the other ?? :\

I read several articles about that. They often talk about LDAP configuration, but in his firewall there is no LDAP configuration :\

If someone has an idea or can explain to me

Best regards

AB

seshuganesh · ‎04-21-2022

Hi Team,

Only if the user information comes to firewall some or other way, it will show in forward traffic logs.

From there reports will be generated.

If there is no ldap, may be users are logged in through captive portal local users or through FSSO or any other authentication mechanism.

Please check and keep us posted

Debbie_FTNT · ‎04-22-2022

Hey Totologie,

if there is no authentication setup on the FortiGate at all, then user information may come from device detection.

You can verify in the raw logs if the user information comes from authentication activity or device detection

-> if the username is logged in 'user' field, then the information comes from some kind of authentication (captive portal, FSSO - though then the name would be in capital letters, VPN, etc)

-> if the username is logged in 'unauthuser' field, then the information comes from device detection and there's not much we can do about that

We have a KB on device detection and unexpected usernames:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-unauthuser-and-unauthusersource/ta-p...

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

Fortinet Community

User in report without any ldap settings