SecuReporter: user always unknown. How to identify?

Hi, the SecuReporter always reports source user as unknown. Because all our deployments are based on Active Directory, how can we identify the users who are visiting the websites? We already have SSL VPN with Active Directory and security groups in production, so is it possible to use some sort of same method for user logging?

And based on the first question: can the USG translate/resolve the source IP to a DNS record? Because now we have to manually lookup the computers' source name every time we want to know more about a certain source IP.

Answers

  • Zyxel_EmilyZyxel_Emily Zyxel Official Agent Posts: 269  mod

    Hi @MpDay,

     

    The username from AD server is able to be shown on the SecuReporter.

     

    Here is the example for your reference.

    In SSL VPN, move “ad-users” to Selected User.


    Enable “Force all client traffic to enter SSL VPN tunnel”. It means SSL VPN users access the Internet through the ZyWALL.


    Create a content filter profile.

    Remember to log all pages.


    Create a new security policy rule and apply the content filter profile to this rule.

    If you use default Auth. Method, remember to add group ad to default method.


    SSL VPN is connected. The user type of “AMY” is ad-users.


    On SecuReporter, the ad-user “AMY” is shown on the list.


    For users in LAN, you need to enable web authentication in order to see usernames on SecuReporter instead of “unknown” user.


  • CommsCoCommsCo Member, SD-WAN Beta Posts: 13  Freshman Member
    Same question from a different angle:

    Using the ATP800 to both manage vLANs to separate departments and bandwidth manage public IP addresses that are derived from the WAN.

    The WAN has multiple public IPs, which are fed to routers after the ATP800 via port 12, set as "general" and in the DMZ.

    Any traffic via this interface is marked "Unknown", so not much use in a report.

    Can the individual IPs be reported on?
  • Zyxel_StanleyZyxel_Stanley Zyxel Official Agent Posts: 586  mod
    edited May 28, 2019 6:40PM

    Hi @CommsCo

    In the currently design, you can find source/destination IP by UTM function.(e.g. most popular websites)

    But unable to show the IP address those passed by Interface view.

    Thanks for your suggestion, I will add it as idea.


Sign In to comment.