user name display N/A on forticloud

Slim2 · ‎09-29-2023

Hi All,

I 'm facing an issue, in the Forticloud report, the user who use the most the bandwidth is displayed as N/A.

We use FSSO as authentication method.

Have anyone an explanation ?

Thank you in advance

nweckel · ‎09-29-2023

Hello!

The FortiCloud report will take information from FortiGate logs. In those logs, there are two different fields (for user): 'user=' and 'unauthuser='.

So if in the logs you have 'user=XX' and 'unauthuser=xx', the information in the FortiCloud report will be XX(xx). If there is no info in one of those fields (in the logs), it will be displayed as N/A in the report.

Slim2 · ‎09-29-2023

Hi nweckel,

thank you for the explanation

What should I do to resolve it ?

xshkurti · ‎09-29-2023

@Slim2
N/A means that either the log entry itself doesn't track userinfo, or no username was provided.
Even though you have FSSO, i think there might be some servers in your infrastructure that have services without FSSO or that go directly to internet.
N/A is a sum of all N/A servers/services that do not use authentication to reach to internet.

You can check forwarding logs on your fortigate to see how many logs are generated that do not have username on it. From these logs you can track IP address and find which PC/Server is using internet without FSSO and what policy are they using.