Admin Name field
This field is used for user quarantine and gather the information of which administrator did the action.
1.When user do quarantine by source address on FortiView, check the Log->System Events on GUI and CLI of the FortiGate, you will see the below log,
1: date=2017-02-06 time=15:49:36 logid="0100043776" type="event" subtype="system" level="notice" vd="root" logdesc="NAC quarantine" srcip=192.168.4.47 action="ban-ip" banned_src="admin" admin="admin" duration=1800 msg="An administrative ban was created"
2.When user undo quarantine by source address on Monitor->User Quarantine, check Log->System Events on GUI and CLI, you will see the below log,
1: date=2017-02-06 time=15:55:26 logid="0100043776" type="event" subtype="system" level="notice" vd="root" logdesc="NAC quarantine" srcip=N/A action="clear-bans" banned_src="admin" admin="admin" msg="A ban was cleared"
So this field admin will be shown in FortiAnalyzer to show which admin asked for an administrative ban.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.