Description
This article describes how to enable username for Dialup VPN users in forward logs, web filter logs / security profile logs.
Solution
Dialup VPN can be configured based on the document below:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/785501/forticlient-as-dialup-client
With the above configuration, the logs generated for web traffic does not log the username since there are no attached user / group in the security policy.
To log the username in logs involves 2 changes to the existing dialup VPN.
1) Change the XAUTH User group configuration to 'Inherit from policy' instead of choosing the group / user.
This article describes how to enable username for Dialup VPN users in forward logs, web filter logs / security profile logs.
Solution
Dialup VPN can be configured based on the document below:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/785501/forticlient-as-dialup-client
With the above configuration, the logs generated for web traffic does not log the username since there are no attached user / group in the security policy.
To log the username in logs involves 2 changes to the existing dialup VPN.
1) Change the XAUTH User group configuration to 'Inherit from policy' instead of choosing the group / user.
2) Configure the user / group as a matching criteria on the firewall policy for the Dialup VPN.
Results.
Before:
Before:
After:
