Hello
we've found a problem with our FortiGate Firewall's traffic logs: the device and source IP address don't match, and each time we find the same device synchronized to a different IP address, knowing that all the machines are configured with static IP addresses.
Maybe it's good to know, the probelm occur after a migration from a FG-100E to an FG-100F
I add that we have good synchronization between the ip addresses of the machines and the ip addresses in the dns resolution. On the other hand, some users have more than one machine with the same AD session.
Here is a screen shot
Thank you in advance
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
Please let us know if the Fortigate device is behind a layer 3 device; if so, the same Mac address will be displayed for different devices.Kindly refer the below document.
Regards
Jamal
Hi,
It's the same for all user not just one user.
Regards
Hi Jamal,
The issue in the link you sent do not match my issue.
and the problem is with all user not only one, the issue is that we have static adressing mode but multiple ip adresses are desplayed in the log for one machine and one user.
Regards
Best Regards
Hi Slim2,
Can you download and share the forward logs
Regards
Jamal
Dear Slim2,
in addition to Jamal's suggestion, you can also check the logs themselves to see where the user information is coming from. In particular, that username may have been discovered via device detection at some point, and thus become associated with various devices even if the username is no longer correct.
More information on usernames discovered via device detection:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-unauthuser-and-unauthusersource/ta-p...
Hi Debbie,
Here is the Network architecture and it's the same issue with all the users and not only one.
And how it's possible that each time we find the same device synchronized to a different IP address when we have a static adressing mode ?
Best Regards
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1082 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.