Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

Usernames instead of IP in reports

Hi ! We just bought a FortiAnalyzer 100B to test the reports, and my questian is: is it possible to get usernames in the reports instead of local IP adresses ?? Thanks !

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
6 REPLIES 6
ounass
New Contributor

Hello I Have the same problem. I try with alias but it doesn' t work. I try with FSAE but it dosn' t work too.
rwpatterson
Valued Contributor III

Anyone figure out if it' s possible to get AD names in reports? Just upped the firmware on the FAZ to MR5, and am still unable to accomplish this. Thanks

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
rwpatterson
Valued Contributor III

This is gonna be long winded, but it' s a solution that is working, at least on the test scenario I have tried. [ul]
  • Install FSAE on the AD server (I used v021)
  • Set the DNS on the AD server to receive automatic updates from any IP domains that will be using this method
  • Set the workstations to ' Register this connection' s addresses in DNS' under the ' network card properties > TCP/IP > Advanced > DNS' . I did not select the next option to use the suffix as well. This WILL NOT WORK if the workstation ID is not populated in the AD DNS table!!
  • After pulling my hair out for some time, we discovered the only way for this to work is to set the DHCP service to automatic, even if you hard code the IP addresses like we do[/ul] Set up the AD server on the FGT like the documentation states, and add that authentication method to the policies you wish to have names appear in. I then ran a report and filtered on my name, and the report showed me my name as opposed to my IP address. Sweeeeeeet!
  • Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
    doshbass
    New Contributor III

    Hmm, I don' t know whatthe problem is here. If you authenticate the user to teh FG, either LDAP, Radius, Local or AD, then the FG sends the username in the logs. So given that the raw data is there, is the problem with the Analyzer not having a user report?
    Still learning to type " the"
    Still learning to type " the"
    rwpatterson
    Valued Contributor III

    Prior to using AD, we only used local authentication. People inside surfing the web did not need to authenticate to get out, so no names were available to be placed in the FAZ reports, hence the issue. Now all users will invisibly be authenticated (they won' t know), and then we will have the ability to see these names in our reports.

    Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
    doshbass
    New Contributor III

    Ah, So you were trying to get the FAZ to resolve username to IP via DNS. OF course that would mess you up if you were looking at last months report and asked it to resolve today. Jon
    Still learning to type " the"
    Still learning to type " the"
    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors