Dear Community,
i’m forced with tracking some users behavior, especially if and which private sites they access from their company PC (i.e. youtube, etc.)
I stumbled upon some problems though.
My general understanding is, that the first thing to look at is the „Log Viewer/Web Filter“. When i access that i see all the entries, but the „username“ field is not populated. I do see all users though when i look at "Authentication - Users" with their username, so the firewall knows them.
I looked around for a solution and it was mentioned, that the „Match known users“ box need to be ticked for usernames to appear in the Logviewer, so i did that at the last „default communication“ rule under „Rules and policies“, which allows everything that is not blocked by another rule before.
To my understanding this „Match known users“ uses the „Any“ group (which is already ticked by default in the „User or groups“ list), but as soon as i save that change, my own user account got blocked from accessing any website in the browser, which probably means i would block the access for every user.
My question here: Does „any“ not work in that scenario? When i click on „Add new item“ i see all user accounts and if remove the checkbox from „Any“ here, i can select users individually. Is that the way to go here, to select every user manually? Or should "Any" work and i did something wrong before?
An additional question about the Logviewer: When i select the „Web filter“ and search i.e. for youtube i get results with Youtube in the referrer column and Youtube related links (like ytimg.com or googlevideo.com/videoplayback) in the URL column, but i not see the real URL the user has visited in the browser. Is there any way/another filter where i can access that information?
It was mentioned as well, that web activities are also visible under „Authentication“ - „Users“ - „View usage“, but to my understanding this shows only some general informations like Upload and Download traffic, right? I cannot get additional informations like visited URL’s here?
Thanks a lot for your help
Thomas
This thread was automatically locked due to age.