Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 3064 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot see usernames in logs on XG

Andrew Conaway

AD authentication is working but for some reason when I try to lookup employee internet traffic logs don't show a username, only their IP address. 



This thread was automatically locked due to age.
Parents
  • 0

    Hello Andrew,

    Thank you for contacting the Sophos Community.

    Make sure that the Firewall rule where users that authenticate using AD have the Match known users enabled.

    As well as the Log traffic option is enabled in that Firewall rule.

  • 0 in reply to emmosophos

    Easy enough, but what will happened to users who are not known? Will they still hit same allowed rule or will their traffic be dropped?

  • 0 in reply to Andrew Conaway

    User authentication is used as a replacement of the Source IP.

    Rephrase it: Firewall uses Source IP, Destination IP and Service to apply a rule to the traffic. 

    XG can replace the Source IP parameter with a Username, if the user is authenticated (Live Users). 

     

    You can activate authentication in the firewall, it will apply this rule only to authenticated users. 

    You can activate "Show captive portal to unknown user", it will throw a way to authenticate to all IPs, which are not known. 

Reply
  • 0 in reply to Andrew Conaway

    User authentication is used as a replacement of the Source IP.

    Rephrase it: Firewall uses Source IP, Destination IP and Service to apply a rule to the traffic. 

    XG can replace the Source IP parameter with a Username, if the user is authenticated (Live Users). 

     

    You can activate authentication in the firewall, it will apply this rule only to authenticated users. 

    You can activate "Show captive portal to unknown user", it will throw a way to authenticate to all IPs, which are not known. 

Children
No Data