Sophos Connect - Where to view client's WAN IP address in logs?

You can find the IP's in the authentication logs (log viewer)

If I filter the Authentication log by IPSec client only, I see no WAN address for those events. The " src_ip and "from" both show only the DHCP address of the client: 2020-12-09 12:45:44Authenticationmessageid="17701" log_type="Event" log_component="Firewall Authentication" log_subtype="Authentication" status="Successful" user="user@domain.com" user_group="VPNusers" client_used="IPSec" auth_mechanism="" reason="" src_ip="10.xxx.xxx.xxx" message="User user@domain.com of group VPNusers logged in successfully to Firewall through  authentication mechanism from 10.xxx.xxx.xxx" name="Lastname, firstname" src_mac=""

If I filter the Authentication log by IPSec client only, I see no WAN address for those events. The " src_ip and "from" both show only the DHCP address of the client: 2020-12-09 12:45:44Authenticationmessageid="17701" log_type="Event" log_component="Firewall Authentication" log_subtype="Authentication" status="Successful" user="user@domain.com" user_group="VPNusers" client_used="IPSec" auth_mechanism="" reason="" src_ip="10.xxx.xxx.xxx" message="User user@domain.com of group VPNusers logged in successfully to Firewall through  authentication mechanism from 10.xxx.xxx.xxx" name="Lastname, firstname" src_mac=""

I have clients authenticate IPsec with local accounts (clients have to authenticate later with LDAP accounts) with long and complex passwords

So for me, the WAN IP address is present in log entries of "My Account Authentication" notices

Ok, I see that now. Seems odd to classify that as a "Local" login. That would seem to imply someone logging directly into the user portal on the device.