I cant find an answer to this anywhere within the FA forum, can you help.
We have different remote FG FW's dotted around the country feeding logs into FA with user groups routing through certain firewalls.
I have created different reports to query the separate firewalls for suspicious keyword activity per user but when I view the report every user is in every different report not the specific users who route through the specific firewall.
I have then tried with filters to the LDAP server setup within the FG copying the exact details pf our LDAP server setup within the GUI to the LDAP server report configuration within the LDAP Queiry filter section but when i run the report nothing changes, i still see all the traffic from every user not just specific users within that LDAP group.
In the filters section i have selected group then in the value field i have entered the group exactly as its setup within the FG GUI, an example group name being( with spaces in it ) PDB JB - WPB 1, i have also entered this into the value field within double quotes but nothing changes. I have also entered the long LDAP group starting OU but still the same data for every user.
Has anybody got LDAP report filtering working if so can you help please ?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.