Jonathan_Body_FTNT
Article Id 189803

Description

This article describes how to ensure that a Client user name is correctly associated with an IP address and displayed in web reports generated by the FortiAnalyzer device.


Solution

To ensure that user names are associated with IP addresses and appear correctly in reports generated by the FortiGate reporting utility, firewall authentication must be enabled on the firewall policy used by the users who need to appear in the reports.
 
FortiOS authentication methods available are:
 
- Local password authentication with a locally created FortiOS user.
- Single Sign On authentication using FSAE with Active Directory or NTLM and Novell Networks using eDirectory.
- Server-based authentication using RADIUS, LDAP, TACACS+ servers, Directory Service servers, RSA/ACE (SecurID) servers.
- Certificate-based authentication for SSL VPN, HTTPS, and IPsec VPNs.
 
With firewall authentication enabled, the bar charts and graphical representations of users will show user names instead of only the user's IP address.
 
Examples of such charts include:
 
- Top Allowed Web Users.
- Top Blocked Web Users.
- Top Active Web Users.
 
Charts for IP addresses will always show the IP address (or the reverse DNS FQDN of that IP address) of the source address.
 
If the charts show N/A in the username column, this means that authentication has not been configured correctly and the FortiGate is not sending the username to the FortiAnalyzer. In this instance, please open a FortiCare ticket to troubleshoot the issue.
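
Before opening a ticket, it helps to confirm which source addresses are being logged without a user name. The following is an added example, not part of the original article or Fortinet code: it parses FortiGate-style key=value log lines and lists the source IPs that have traffic with no usable `user` field. The sample lines are constructed, and treating a literal `N/A` value as missing is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate key=value log style (not from the article).
SAMPLE_LOGS = '''\
date=2024-01-15 time=09:12:01 type="utm" subtype="webfilter" srcip=10.0.1.20 user="alice" hostname="example.com" action="passthrough"
date=2024-01-15 time=09:12:05 type="utm" subtype="webfilter" srcip=10.0.1.21 hostname="example.org" action="blocked"
date=2024-01-15 time=09:12:09 type="utm" subtype="webfilter" srcip=10.0.1.20 user="alice" hostname="example.net" action="blocked"
date=2024-01-15 time=09:12:15 type="utm" subtype="webfilter" srcip=10.0.1.22 user="N/A" hostname="example.com" action="passthrough"
date=2024-01-15 time=09:12:20 type="utm" subtype="webfilter" srcip=10.0.1.21 user="bob smith" hostname="example.com" action="passthrough"
'''

# key=value, where the value is either "quoted" (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Return one log line as a dict of field name -> value."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def user_coverage(log_text):
    """Per source IP: how many log lines carry a usable user name and how many do not."""
    stats = defaultdict(lambda: {"with_user": 0, "without_user": 0, "users": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if "srcip" not in rec:
            continue  # not a line we can attribute to a source address
        user = rec.get("user", "").strip()
        entry = stats[rec["srcip"]]
        # Assumption: a missing, empty or literal "N/A" user means no identity was logged.
        if user and user.upper() != "N/A":
            entry["with_user"] += 1
            entry["users"].add(user)
        else:
            entry["without_user"] += 1
    return dict(stats)


def unattributed_sources(log_text):
    """Sorted source IPs with at least one log line that has no user name."""
    return sorted(ip for ip, s in user_coverage(log_text).items() if s["without_user"])


if __name__ == "__main__":
    for ip, s in sorted(user_coverage(SAMPLE_LOGS).items()):
        print(ip, "with user:", s["with_user"], "without:", s["without_user"], sorted(s["users"]))
    print("Sources logged without a user name:", unattributed_sources(SAMPLE_LOGS))
```

A source that appears both with and without a user name, like 10.0.1.21 in the sample, usually means some of its traffic matches a policy that does not require authentication.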


 

 
