Traffic Dashboard > Web Users > Unidentified.

TL:DR

Do I have to do this:

https://community.sophos.com/kb/en-us/123156#2-Sophos%20Clientless%20SSO%20Authentication

to get this:

 

Long Version: Installed XG135. LOVE. Got everything running smoothly.

Boss: can we get more granular info? Set up workstation to dedicate to iView. Install iView. Seems to work OK. Until I go to get more granular info. Dashboards> Traffic> User

USER UNIDENTIFIED, BYTES 5.6, GB PERCENT 100%

This is because I did NOT do the AD integration, correct? 

 

 

 

 

  • Hi  

    Yes, that is correct. (However, there are other flavors of associating a user database to your XG - LDAP, RADIUS, etc. but AD is the most commonly used and supported)

    Then there are a couple of different options available:

    Then creating a user-enforced firewall rule that applies a web policy.

    Regards,

  • In reply to FloSupport:

    More or less.  Ultimately if you do not have authentication then it should report on IP address.  If you have authentication than it can report on the username.  There are a few authentication services provided, but AD is the most common.  There are a few different ways that the XG can learn who the user is at each IP.  If you do not have AD you can still have XG-created users and a more limited way of determining which user is where.

     

    clientless users - this is a permanent IP-User mapping.  Typically non-AD users.  Useful in non-AD environments, where devices are always used by one person, or servers which might do traffic but not have anyone logged in.

    STAS - If I recall correctly there are a few AD integration, the most common is STAS

    CAA - A client sitting in the system tray is used to log in an out

    (web only) Captive Portal - web traffic from an unknown user gets redirected to a portal login page where they have to enter in username and password.  Both AD and non-AD supported.

    (web only) AD SSO (single sign on) - web traffic from an unknown user uses NTLM to automatically (silently) log in as same user.  Only AD supported.  Falls back to Captive Portal.

     

    Some considerations:

    Do you want the user only for reporting purposes, or whether you want to apply different policies to different users.  eg No one is allowed to visit Social Networking before 5pm...  except the boss. 

    Do you have guest wifi access

    Do you have byod wifi access - because personal phones are not typically associated with AD users

    Do you have people changing their IP addresses

    Do you have multiple people using the same computer 

    Do you only care about web, or about all traffic (just which users are using the firewall rule that allows the Clash of Clans port).

    If some traffic is still not with a user is that ok, or are you looking to associate 100%

     

     

  • In reply to Michael Dunn:

    Thanks for taking the time, guys. Yes, we use AD.

     

    • Reporting only
    • I do, very locked down
    • I do and am not too concerned with that info at this point
    • People, no but I do not use assigned IP's so PC's may sometimes get new addy's from DHCP, of course
    • No
    • Web
    • That would be OK to not have 100%

     

  • In reply to Tony Argh:

    I would look at STAS.  If that doesn't work out, AD SSO (NTLM) with fallback to captive portal.  Phones would need to use captive portal, or you need to allow them without logging in and user logging.

  • In reply to Michael Dunn:

    One final question (hopefully) before I install STAS. Doing this today or tomorrow.

    I set up SSL VPN on my XG and manually added my VPN people. Will setting this up have any impact on that?

    Concerned that I have JEmployee setup there and then JEmployee set up in AD too.