rmetzger
Staff
Article Id 196813
Description

This article provides instructions on how to list, monitor, or de-authenticate users currently authenticated on a FortiGate.  This applies when users are authenticated with the following methods:

  • Local (user) authentication (accounts/password stored on the FortiGate)
  • LDAP
  • RADIUS
  • TACACS+
FSAE and FortiGuard override with authentication are not in the scope of this procedure.  Please refer to related articles.
Solution
1.  Procedure from the CLI (all FortiOS)

1.1.  To list users currently authenticated, use the following CLI command:

FGT# diagnose firewall iprope authuser
username: localuser
(firewall_user_group)
source:   10.160.0.94 - 10.160.0.94

username: user1
(firewall_user_group(ldap_server))
source:   10.160.0.93 - 10.160.0.93

In the above output, two users are listed as currently authenticated, both belonging to the same user group, with the following details:
  • The first line of each entry is the username itself (i.e. localuser, user1)
  • The second line indicates the user group (i.e. firewall_user_group)
  • The value in parentheses after the user group (if applicable) indicates the remote authentication service (i.e. ldap_server)
  • The last line shows the IP address against which the user is authenticated
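
The following Python parser is an added example, not part of the original article or any Fortinet tool. It reads text in the layout shown above and reports users authenticated from more than one source address. The sample input (including the second user1 entry) is constructed, the function names are this example's own, and the layout is assumed to match the output shown in this article.

```python
import re
from collections import defaultdict

# Constructed sample in the layout shown in this article (not a real capture).
SAMPLE = """\
FGT# diagnose firewall iprope authuser
username: localuser
(firewall_user_group)
source:   10.160.0.94 - 10.160.0.94

username: user1
(firewall_user_group(ldap_server))
source:   10.160.0.93 - 10.160.0.93

username: user1
(firewall_user_group(ldap_server))
source:   10.160.0.57 - 10.160.0.57
"""

# "(group)" or "(group(remote_server))"
GROUP_RE = re.compile(r"^\((?P<group>[^()]+)(?:\((?P<server>[^()]+)\))?\)$")
SOURCE_RE = re.compile(r"^source:\s*(?P<start>\S+)\s*-\s*(?P<end>\S+)$")

def parse_authuser(text):
    """Return one dict per authenticated-user entry in the captured output."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("username:"):
            current = {"username": line.split(":", 1)[1].strip(),
                       "group": None, "server": None, "source": None}
            entries.append(current)
        elif current is None:
            continue  # prompt or command echo before the first entry
        elif m := GROUP_RE.match(line):
            current["group"], current["server"] = m["group"], m["server"]
        elif m := SOURCE_RE.match(line):
            current["source"] = (m["start"], m["end"])
    return entries

def users_with_multiple_sources(entries):
    """Map username -> sorted source IPs for users seen from several addresses."""
    seen = defaultdict(set)
    for e in entries:
        if e["source"]:
            seen[e["username"]].add(e["source"][0])
    return {u: sorted(ips) for u, ips in seen.items() if len(ips) > 1}
```
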

1.2.  To reset the authentication, use the following CLI command:

FGT# diagnose firewall iprope resetauth

Warning: This command will reset all authenticated users.  The command does not clear the sessions, so some users may still be able to access resources until their sessions expire.


2.  Procedure from the Web Based Manager (GUI), FortiOS 4.0MR2

The image below indicates where authenticated users can be monitored.  Note the "trash bin" icon on the right of each user line, which allows that user to be de-authenticated individually.  This view also provides information about the duration and the traffic volume generated by these sessions.


[Image: rmetzger_FD32395_FD32395.jpg]


Related Articles

Technical Note: FSAE Troubleshooting Guide
