Can Fortigate discover Active directory user names?

Author
John_Williamson
2019/01/29 14:09:46 (permalink)


We would like to be able to better identify users with our Fortigate when we view FortiView, rather than just getting IP addresses to hunt down. Sometimes the device name is shown, but not always, and often I have to hit "Sources" under FortiView a second time for that to happen. If Fortigate can't do that on its own, is there another product or plug-in that would facilitate this?
 
#1


    re.zagorodnev
    Re: Can Fortigate discover Active directory user names ? 2019/01/30 06:24:29 (permalink)
    Hi. FortiOS version? The latest, 6.0.4, has a bug in FortiView.
    #2
    John_Williamson
    Re: Can Fortigate discover Active directory user names ? 2019/01/30 08:04:45 (permalink)
    Currently on 6.02, but will hit the "Update" button soon. 
     
    Most docs I've found talk about authenticating with the Fortigate, but that is not my goal. I just want a way to link the logged-in user to the IP so I know who to call when I see stuff I need to ask about.
     
     
    #3
    emnoc
    Re: Can Fortigate discover Active directory user names ? 2019/01/30 09:36:23 (permalink)
    Do you have identification set on the interface? I haven't played around lately in this and we have the same issues with Forcepoint NGFW where end-users only need USER-ID and not authentication. They have a FUID solution that's a bitch and bear to get up and running but works fair to good in most cases.
     
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #4
    re.zagorodnev
    Re: Can Fortigate discover Active directory user names ? 2019/01/30 22:10:47 (permalink)
    You need to set up FSSO in Fabric Connectors (polling AD or the FSSO agent) and add an FSSO group, and you can see logged-on domain users in the FortiGate web console under Monitor - Firewall User Monitor, or with the command "diagnose debug authd fsso list" in the CLI console. If user authentication is not needed, you must use an IPv4 policy without groups in the rules, just IPs or networks in the source.
    #5
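An added example, not from the thread or from Fortinet: one way to turn the output of the "diagnose debug authd fsso list" command mentioned in the reply above into an IP-to-user lookup. The sample output is constructed; its line layout, the "+" between group DNs and the space-separated MemberOf list are assumptions.

```python
import re

# Constructed sample; layout assumed to match "diagnose debug authd fsso list".
SAMPLE = """\
----FSSO logons----
IP: 10.0.5.21  User: JSMITH  Groups: CN=WEB-STAFF,OU=GROUPS,DC=EXAMPLE,DC=LOCAL+CN=DOMAIN USERS,CN=USERS,DC=EXAMPLE,DC=LOCAL  Workstation: PC-021.EXAMPLE.LOCAL MemberOf: fsso-web-staff
IP: 10.0.5.34  User: ALEE  Groups: CN=WEB-RESTRICTED,OU=GROUPS,DC=EXAMPLE,DC=LOCAL  Workstation: PC-034.EXAMPLE.LOCAL MemberOf: fsso-web-restricted
Total number of logons listed: 2, filtered: 0
----end of FSSO logons----
"""

# Group DNs may contain spaces, so "Groups" is matched lazily up to "Workstation:".
LOGON = re.compile(
    r"^IP:\s*(?P<ip>\S+)\s+User:\s*(?P<user>\S+)\s+Groups:\s*(?P<groups>.*?)"
    r"\s+Workstation:\s*(?P<workstation>\S*)\s*(?:MemberOf:\s*(?P<member_of>.*))?$"
)


def parse_fsso_logons(text):
    """Return {ip: logon record}; a later entry for the same IP replaces an earlier one."""
    logons = {}
    for line in text.splitlines():
        m = LOGON.match(line.strip())
        if not m:
            continue  # banner, totals and blank lines
        logons[m["ip"]] = {
            "user": m["user"],
            "workstation": m["workstation"],
            # Leading CN of each DN only (assumes DNs are joined with "+").
            "ad_groups": re.findall(r"(?:^|\+)CN=([^,+]+)", m["groups"]),
            "fsso_groups": (m["member_of"] or "").split(),
        }
    return logons


def label_sources(source_ips, logons):
    """Pair each source IP with its user; IPs with no FSSO logon get None."""
    return [(ip, logons[ip]["user"] if ip in logons else None) for ip in source_ips]


if __name__ == "__main__":
    table = parse_fsso_logons(SAMPLE)
    for ip, user in label_sources(["10.0.5.21", "10.0.5.34", "10.0.9.9"], table):
        print(ip, user or "(no FSSO logon)")
```
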
    John_Williamson
    Re: Can Fortigate discover Active directory user names ? 2019/03/12 09:04:24 (permalink)
    I know this is an old thread, but things got busy at work.
     
    Just to be clear, I do NOT want to have users log IN to the Fortigate. I want to be able to link to Active Directory and pull the data for identification. Besides wanting to see a user name of the person sending data through the firewall, we need to be able to link Active Directory groups to the Fortigate web filter profiles. That is how we have been using iBoss and want to replace that device with our Fortigate. As an example, we create a group in AD and assign users to it. That group is also listed in the iBoss as a group we can define web access policies to.
     
     
    #6
    benjamin_FR
    Re: Can Fortigate discover Active directory user names ? 2019/04/12 01:59:35 (permalink)
    Hi, I have the same problem; I need the Active Directory username in FortiView.
    In France, the law requires being able to identify a person if they have committed an offense on the internet.
    #7
    mani.samuel@fnds.gov.mz
    Re: Can Fortigate discover Active directory user names ? 2019/04/15 02:57:37 (permalink)
    Dears, 
    I have a FortiGate 100 firewall in the HQ with internal IP 172.16.17.254. I have a firewall in the field office with IP 172.16.30.254. I can ping from the field office to HQ but can ping from HQ to field office. What might be the cause?
     
    #8