SecuReporter: user always unknown. How to identify?

MpDay
MpDay Posts: 7  Freshman Member
edited April 2021 in Security
Hi, the SecuReporter always reports the source user as unknown. Because all our deployments are based on Active Directory, how can we identify the users who are visiting the websites? We already have SSL VPN with Active Directory and security groups in production, so is it possible to use the same sort of method for user logging?

And based on the first question: can the USG translate/resolve the source IP to a DNS record? Because now we have to manually look up the computers' source name every time we want to know more about a certain source IP.

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee

    Hi @MpDay,

    The username from the AD server can be shown on SecuReporter.

    Here is an example for your reference.

    In SSL VPN, move “ad-users” to Selected User.


    Enable “Force all client traffic to enter SSL VPN tunnel”. It means SSL VPN users access the Internet through the ZyWALL.


    Create a content filter profile.

    Remember to log all pages.


    Create a new security policy rule and apply the content filter profile to this rule.

    If you use the default Auth. Method, remember to add group ad to the default method.


    SSL VPN is connected. The user type of “AMY” is ad-users.


    On SecuReporter, the ad-user “AMY” is shown on the list.


    For users in LAN, you need to enable web authentication in order to see usernames on SecuReporter instead of “unknown” user.


  • CommsCo
    CommsCo Posts: 22  Freshman Member
    Same question from a different angle:

    Using the ATP800 to both manage vLANs to separate departments and bandwidth manage public IP addresses that are derived from the WAN.

    The WAN has multiple public IPs, which are fed to routers after the ATP800 via port 12, set as "general" and in the DMZ.

    Any traffic via this interface is marked "Unknown", so not much use in a report.

    Can the individual IPs be reported on?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee
    edited May 2019

    Hi @CommsCo

    In the current design, you can find the source/destination IP via the UTM function (e.g. most popular websites).

    But it is unable to show the IP addresses of those that passed in the Interface view.

    Thanks for your suggestion, I will add it as an idea.


  • halter
    halter Posts: 8  Freshman Member
    edited August 2019

    idea -> die?

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee

    Hi @halter,

    All the ideas in the “ideas” category are valuable to us, and the number of “likes” is an important evaluation factor. The more “likes” this idea gets, the better the chance that it will come true in our future design.
