Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ajoy
Staff
Staff

Created on ‎11-23-2023 06:03 PM

Article Id 285838

Technical Tip: The difference between 'Destination Unauthenticated User' and 'Destination User' in the logs

Description This article describes the difference between 'Destination  User' and 'Destination Unauthenticated User' depicted in the logs.
Scope FortiOS versions 6.x.x to 7.x.x.
Solution destination_unauthenticated_user.png


The following variables are present in this example:

 

  • Source User = JMCCRACKEN
  • Destination User = CWEAVER
  • Destination Unauthenticated User = joindomain

 

Here, the users 'JMCCRACKEN' and 'CWEAVER' can be learned from authentication such as FSSO. The current log shows the 'Source user' reaching out to the 'Destination User' for the 'DCE-RPC' service.

 

For 'Destination Unauthenticated User':

  • The logs of 'Destination Unauthenticated User'='kerberos' are collected from Kerberos traffic from the authentication process between a PC and AD.
  • If FortiGate has device detection enabled on the interface, the authentication process between the PC and AD (Kerberos traffic) is inspected by FortiGate and the username will be recorded.
Labels:
585
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.