This discussion has been locked.

Showing IPs instead of Users under web protection logging and reporting

Hi,

After configuring the user portals on the SG310 UTM 9, the user names appeared once in the reporting and logging under web protection, and now it's just IPs.

The setup of the Authentication Services: create users automatically for the web filter and user portal, and on the Advanced tab I am prefetching the AD users every night.

At the Web filter level, it's in Transparent mode.

In the log file of the web protection I can see empty values for users (user="").

Your support is very much appreciated.

Kind regards,



  • Does the UTM still show as joined to the domain?
    Even if it shows as joined, if you re-join it does it throw any errors?
    Under the web protection section, have you got any policies to authenticate against AD SSO?
    Also if you explicitly set the proxy on one machine to point back at the UTM - does the Username start being recorded?
  • Many thanks Emily for your reply,
    It was showing that it's joined to the domain; however, when I joined it again it failed to join.
    Fixed the issue above, as it was not able to resolve the domain IP, by having a "Request Routing".

    Till now I don't have names yet in the live log, but once I change the Default authentication to AD SSO the names start to show.

    The only thing that remains is that I still see many records without names in the logs, even if I select "Block access on authentication failure"!

    Cheers,
    Abdullah
  • Assuming it's new entries that do not have a username logged (old entries won't get updated), if you check what the requests are, e.g. are they proxy auth requests? Or requests that have been exempted from authenticating?

    Can you post some of the HTTP log that shows this?
  • 2015:12:02-16:49:10 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.79" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdf04e000" url="crl.microsoft.com/.../microsoftrootcert.crl" referer="" error="" authtime="1" dnstime="3124" cattime="185" avscantime="0" fullreqtime="12351" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="175" reputation="unverified" categoryname="Software/Hardware"
    2015:12:02-16:49:10 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.79" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdf04e000" url="crl.microsoft.com/.../WinPCA.crl" referer="" error="" authtime="0" dnstime="0" cattime="48" avscantime="0" fullreqtime="31311" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="9998" reputation="unverified" categoryname="Uncategorized"
    2015:12:02-16:49:10 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.79" dstip="193.192.250.162" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdf6f3000" url="pki.google.com/GIAG2.crl" referer="" error="" authtime="1" dnstime="128" cattime="133" avscantime="0" fullreqtime="6081" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="google" app-id="182"
    2015:12:02-16:49:13 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.2.225" dstip="157.56.192.135" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="89647" request="0xe18db000" url="https://157.56.192.135/" referer="" error="" authtime="0" dnstime="0" cattime="113" avscantime="0" fullreqtime="4995840178" device="0" auth="0" ua="" exceptions="ssl,certcheck,certdate" category="9998" reputation="unverified" categoryname="Uncategorized"
    2015:12:02-16:49:13 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.2.225" dstip="91.190.216.61" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="1645" request="0xdfa00800" url="https://91.190.216.61/" referer="" error="" authtime="0" dnstime="0" cattime="78" avscantime="0" fullreqtime="4977198832" device="0" auth="0" ua="" exceptions="ssl,certcheck,certdate" category="178" reputation="neutral" categoryname="Internet Services"
    2015:12:02-16:49:13 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.2.225" dstip="213.199.179.151" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="99567" request="0xe1760800" url="https://213.199.179.151/" referer="" error="" authtime="0" dnstime="0" cattime="113252" avscantime="0" fullreqtime="4989806978" device="0" auth="0" ua="" exceptions="ssl,certcheck,certdate" category="105" reputation="neutral" categoryname="Business"
    2015:12:02-16:49:14 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.2.225" dstip="91.190.216.212" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="5" request="0xdf8a8800" url="https://91.190.216.212/" referer="" error="" authtime="1" dnstime="0" cattime="115" avscantime="0" fullreqtime="46521" device="1" auth="2" ua="" exceptions="ssl,certcheck,certdate" category="178" reputation="neutral" categoryname="Internet Services"
    2015:12:02-16:49:14 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.6.35" dstip="104.86.148.136" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xda8f9800" url="www.microsoft.com/.../MicSecSerCA2011_2011-10-18.crl" referer="" error="" authtime="1" dnstime="2880" cattime="75" avscantime="0" fullreqtime="17936" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="111" reputation="neutral" categoryname="Education/Reference"
    2015:12:02-16:49:15 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.23.56" dstip="194.230.42.232" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="14" request="0xdaac6800" url="www.msftncsi.com/ncsi.txt" referer="" error="" authtime="1" dnstime="5848" cattime="84" avscantime="1127" fullreqtime="17272" device="1" auth="2" ua="Microsoft NCSI" exceptions="" category="105" reputation="trusted" categoryname="Business" content-type="text/plain"
    2015:12:02-16:49:15 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="X.23.56" dstip="195.27.181.54" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xda818000" url="http://touch.kaspersky.com/" referer="" error="" authtime="1" dnstime="5844" cattime="45418" avscantime="0" fullreqtime="86614" device="1" auth="2" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" content-type="text/plain" application="kasprsky" app-id="250"
    2015:12:02-16:49:16 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.11" dstip="23.21.122.142" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="43" request="0xdfaa6800" url="ping.chartbeat.net/ping referer="electronicdesign.com/.../avoiding-emc-problems-automotive-systems" error="" authtime="1" dnstime="3167" cattime="148" avscantime="1322" fullreqtime="209757" device="1" auth="2" ua="Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="chrtbeat" app-id="906" content-type="image/gif"
    2015:12:02-16:49:19 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.6.35" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdb31a800" url="crl.microsoft.com/.../tspca.crl" referer="" error="" authtime="1" dnstime="48" cattime="171" avscantime="0" fullreqtime="9224" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="105" reputation="unverified" categoryname="Business"
    2015:12:02-16:49:23 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.6.35" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdb31a800" url="crl.microsoft.com/.../MicRooCerAut2011_2011_03_22.crl" referer="" error="" authtime="0" dnstime="0" cattime="147" avscantime="0" fullreqtime="4540371" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="105" reputation="unverified" categoryname="Business"
    2015:12:02-16:49:27 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.20.5" dstip="62.128.100.53" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="5437" request="0xdfaa4000" url="https://62.128.100.53/" referer="" error="" authtime="1" dnstime="0" cattime="115" avscantime="0" fullreqtime="52720402" device="1" auth="2" ua="" exceptions="ssl,certcheck,certdate" category="178" reputation="neutral" categoryname="Internet Services"
    2015:12:02-16:49:28 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.6.35" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdb31a800" url="crl.microsoft.com/.../MicTimStaPCA_2010-07-01.crl" referer="" error="" authtime="0" dnstime="0" cattime="201" avscantime="0" fullreqtime="4539151" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="105" reputation="unverified" categoryname="Business"
    2015:12:02-16:49:30 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="X.2.84" dstip="212.27.42.92" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="199" request="0xdb5c1800" url="zimbra.aliceadsl.fr/.../NoOpRequest" referer="zimbra.aliceadsl.fr/.../mail" error="" authtime="1" dnstime="3113" cattime="105" avscantime="1174" fullreqtime="74775" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0" exceptions="" reputation="neutral" category="156" reputation="neutral" categoryname="Web Mail" application="soap" app-id="1200" content-type="text/plain"
    2015:12:02-16:49:30 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.6.52" dstip="212.103.73.117" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="8156" request="0xe1615000" url="https://mail.haslerrail.com/" referer="" error="" authtime="1" dnstime="2" cattime="77" avscantime="0" fullreqtime="256364" device="1" auth="2" ua="" exceptions="" category="181" reputation="neutral" categoryname="Marketing/Merchandising"
    2015:12:02-16:49:31 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.6.52" dstip="212.103.73.117" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="8156" request="0xdafd6800" url="https://mail.haslerrail.com/" referer="" error="" authtime="1" dnstime="3" cattime="106" avscantime="0" fullreqtime="154741" device="1" auth="2" ua="" exceptions="" category="181" reputation="neutral" categoryname="Marketing/Merchandising"
    2015:12:02-16:49:31 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.20.42" dstip="191.232.139.253" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="6104" request="0xdbca1000" url="settings-win.data.microsoft.com/" referer="" error="" authtime="1" dnstime="253" cattime="134" avscantime="0" fullreqtime="60265907" device="1" auth="2" ua="" exceptions="av,ssl,fileextension,size" category="105" reputation="trusted" categoryname="Business"
    2015:12:02-16:49:32 firewall httpproxy[10936]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="X.2.198" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="3182" request="0xdaac6800" url="config.getsync.com/sync.conf" referer="" error="" authtime="1" dnstime="0" cattime="123" avscantime="0" fullreqtime="358" device="1" auth="2" ua="BTWebClient/2250(33685509)" exceptions="" reason="category" category="138" reputation="neutral" categoryname="P2P/File Sharing"
    2015:12:02-16:49:33 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.6.35" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdb31a800" url="crl.microsoft.com/.../microsoftrootcert.crl" referer="" error="" authtime="0" dnstime="0" cattime="145" avscantime="0" fullreqtime="4540292" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="175" reputation="unverified" categoryname="Software/Hardware"
    2015:12:02-16:49:37 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.6.35" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdb31a800" url="crl.microsoft.com/.../MicRooCerAut_2010-06-23.crl" referer="" error="" authtime="0" dnstime="0" cattime="271" avscantime="0" fullreqtime="4539164" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="105" reputation="unverified" categoryname="Business"
    2015:12:02-16:49:41 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.23.49" dstip="194.230.42.232" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="14" request="0xe1730000" url="www.msftncsi.com/ncsi.txt" referer="" error="" authtime="1" dnstime="2934" cattime="68" avscantime="1130" fullreqtime="14362" device="1" auth="2" ua="Microsoft NCSI" exceptions="" category="105" reputation="trusted" categoryname="Business" content-type="text/plain"
    2015:12:02-16:49:42 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.6.35" dstip="104.86.148.136" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xda8f9800" url="www.microsoft.com/.../Microsoft Windows Hardware Compatibility PCA(1).crl" referer="" error="" authtime="0" dnstime="0" cattime="284" avscantime="0" fullreqtime="27253229" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="105" reputation="trusted" categoryname="Business"
    2015:12:02-16:49:44 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.20.27" dstip="65.55.44.109" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="5634" request="0xdbf5d800" url="vortex-win.data.microsoft.com/" referer="" error="" authtime="1" dnstime="2" cattime="105" avscantime="0" fullreqtime="60826643" device="1" auth="2" ua="" exceptions="av,ssl,fileextension,size" category="105" reputation="trusted" categoryname="Business"
    2015:12:02-16:49:45 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.6.35" dstip="191.232.139.253" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="5221" request="0xdc39c800" url="settings-win.data.microsoft.com/" referer="" error="" authtime="1" dnstime="5558" cattime="113" avscantime="0" fullreqtime="62847314" device="1" auth="2" ua="" exceptions="av,ssl,fileextension,size" category="105" reputation="trusted" categoryname="Business"
    2015:12:02-16:49:45 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.6.35" dstip="65.55.44.109" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="5524" request="0xdf0fc000" url="vortex-win.data.microsoft.com/" referer="" error="" authtime="1" dnstime="2924" cattime="134" avscantime="0" fullreqtime="65122622" device="1" auth="2" ua="" exceptions="av,ssl,fileextension,size" category="105" reputation="trusted" categoryname="Business"
    2015:12:02-16:49:46 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.6.35" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdb31a800" url="crl.microsoft.com/.../MicrosoftTimeStampPCA.crl" referer="" error="" authtime="0" dnstime="0" cattime="131" avscantime="0" fullreqtime="9094456" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="9998" reputation="unverified" categoryname="Uncategorized"
    2015:12:02-16:49:47 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.23.49" dstip="23.97.186.233" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="7741" request="0xdb5c1000" url="https://pipe.skype.com/" referer="" error="" authtime="1" dnstime="3025" cattime="96" avscantime="0" fullreqtime="4748457" device="1" auth="2" ua="" exceptions="" category="122" reputation="neutral" categoryname="Instant Messaging" application="skype" app-id="448"
    2015:12:02-16:49:48 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.20.5" dstip="195.122.177.141" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="12205" request="0xde8bf800" url="https://195.122.177.141/" referer="" error="" authtime="1" dnstime="0" cattime="135" avscantime="0" fullreqtime="67052309" device="1" auth="2" ua="" exceptions="ssl,certcheck,certdate" category="178" reputation="neutral" categoryname="Internet Services"
    2015:12:02-16:49:50 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.128" dstip="104.86.148.136" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdabd1000" url="www.microsoft.com/.../MicSecSerCA2011_2011-10-18.crl" referer="" error="" authtime="2" dnstime="2923" cattime="78" avscantime="0" fullreqtime="20697" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="111" reputation="neutral" categoryname="Education/Reference"
    2015:12:02-16:49:51 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.6.35" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdb31a800" url="crl.microsoft.com/.../WinPCA.crl" referer="" error="" authtime="0" dnstime="0" cattime="148" avscantime="0" fullreqtime="4540481" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="9998" reputation="unverified" categoryname="Uncategorized"
    2015:12:02-16:49:55 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.128" dstip="194.230.42.163" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xe161b800" url="crl.microsoft.com/.../MicRooCerAut2011_2011_03_22.crl" referer="" error="" authtime="1" dnstime="2994" cattime="130" avscantime="0" fullreqtime="12232" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="105" reputation="unverified" categoryname="Business"
    2015:12:02-16:49:58 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.2.41" dstip="5.135.92.88" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="5352" request="0xdb552800" url="https://d960.devatics.com/" referer="" error="" authtime="1" dnstime="5" cattime="128" avscantime="0" fullreqtime="10122442" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
    2015:12:02-16:49:59 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="X.6.19" dstip="52.4.109.5" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="8787" request="0xdb682800" url="https://dl-debug.dropbox.com/" referer="" error="" authtime="1" dnstime="5597" cattime="87" avscantime="0" fullreqtime="60198365" device="1" auth="2" ua="" exceptions="" category="170" reputation="trusted" categoryname="Personal Network Storage" application="dropbox" app-id="127"
    2015:12:02-16:49:59 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.128" dstip="194.230.42.163" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xe161b800" url="crl.microsoft.com/.../microsoftrootcert.crl" referer="" error="" authtime="0" dnstime="0" cattime="144" avscantime="0" fullreqtime="4595407" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="175" reputation="unverified" categoryname="Software/Hardware"
    2015:12:02-16:49:59 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.128" dstip="193.192.250.162" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdf8ce800" url="pki.google.com/GIAG2.crl" referer="" error="" authtime="1" dnstime="116" cattime="72" avscantime="0" fullreqtime="6074" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="google" app-id="182"
    2015:12:02-16:49:59 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.128" dstip="194.230.42.163" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xe161b800" url="crl.microsoft.com/.../MicrosoftTimeStampPCA.crl" referer="" error="" authtime="0" dnstime="0" cattime="86" avscantime="0" fullreqtime="132870" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="9998" reputation="unverified" categoryname="Uncategorized"
    2015:12:02-16:50:01 firewall httpproxy[10936]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="X.2.198" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="3182" request="0xdafd6000" url="config.getsync.com/sync.conf" referer="" error="" authtime="1" dnstime="0" cattime="85" avscantime="0" fullreqtime="350" device="1" auth="2" ua="BTWebClient/2250(33685509)" exceptions="" reason="category" category="138" reputation="neutral" categoryname="P2P/File Sharing"
    2015:12:02-16:50:02 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.234" dstip="104.86.148.136" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdc9dd000" url="www.microsoft.com/.../MicSecSerCA2011_2011-10-18.crl" referer="" error="" authtime="2" dnstime="3018" cattime="76" avscantime="0" fullreqtime="17453" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="111" reputation="neutral" categoryname="Education/Reference"
    2015:12:02-16:50:04 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.234" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdee8c000" url="crl.microsoft.com/.../MicRooCerAut2011_2011_03_22.crl" referer="" error="" authtime="1" dnstime="288" cattime="147" avscantime="0" fullreqtime="9376" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="105" reputation="unverified" categoryname="Business"
    2015:12:02-16:50:05 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.234" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdee8c000" url="crl.microsoft.com/.../microsoftrootcert.crl" referer="" error="" authtime="0" dnstime="0" cattime="74" avscantime="0" fullreqtime="29418" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="175" reputation="unverified" categoryname="Software/Hardware"
    2015:12:02-16:50:05 firewall httpproxy[10936]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="X.2.234" dstip="194.230.42.209" user="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffSecheron (Secheron)" size="0" request="0xdee8c000" url="crl.microsoft.com/.../MicCodSigPCA_08-31-2010.crl" referer="" error="" authtime="0" dnstime="0" cattime="118" avscantime="0" fullreqtime="29793" device="1" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="175" reputation="unverified" categoryname="Software/Hardware"
    2015:12:02-16:50:05 firewall httpproxy[1093
  • For better visibility of the 43 records I copied, I just copy them into Notepad++

    Cheers,
    Abdullah
  • Does the Default Web Filter Profile | Secheron | policy have AD SSO users selected for authentication?
  • Yes, if I remove it I would not get any user names in the log

    Many thanks,
    Abdullah
  • You will need to do a Wireshark capture on the client machine to see if it's sending auth packets back to the UTM.

    You could also try setting the proxy in the browser (but leaving it in transparent mode) - do you still get the same issue?
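The question raised in the thread (which kinds of requests are logged with user="") can be answered from the log itself. The Python script below is an added example, not part of the original posts or of any Sophos tooling: it parses httpproxy records and breaks the nameless ones down by the `auth`, `ua` and `exceptions` fields, and separates clients that never log a name from clients that only sometimes do. The sample lines are constructed in the same key="value" layout as the posted records (placeholder addresses, hosts and user name), and no meaning is assumed for the `auth` values.

```python
import re
from collections import Counter

# Constructed sample records (placeholders, not taken from the thread).
# Line 4 has a url value with a missing closing quote and the last line is
# cut off mid-record, the two kinds of damage seen in the posted log.
SAMPLE_LOG = '''\
2015:12:02-16:49:10 firewall httpproxy[10936]: id="0001" action="pass" method="GET" srcip="192.0.2.79" user="" ad_domain="" url="crl.example.com/root.crl" referer="" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size"
2015:12:02-16:49:13 firewall httpproxy[10936]: id="0001" action="pass" method="CONNECT" srcip="192.0.2.225" user="" ad_domain="" url="https://198.51.100.7/" referer="" auth="0" ua="" exceptions="ssl,certcheck,certdate"
2015:12:02-16:49:15 firewall httpproxy[10936]: id="0001" action="pass" method="GET" srcip="192.0.2.11" user="jdoe" ad_domain="EXAMPLE" url="news.example.org/" referer="" auth="2" ua="Mozilla/5.0" exceptions=""
2015:12:02-16:49:16 firewall httpproxy[10936]: id="0001" action="pass" method="GET" srcip="192.0.2.11" user="" ad_domain="" url="ping.example.net/ping referer="news.example.org/article" auth="2" ua="Mozilla/5.0" exceptions=""
2015:12:02-16:49:19 firewall httpproxy[10936]: id="0001" action="pass" method="GET" srcip="192.0.2.79" user="" ad_domain="" url="crl.example.com/pca.crl" referer="" auth="2" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size"
2015:12:02-16:50:05 firewall httpproxy[1093
'''

FIELD_RE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_line(line):
    """Parse one httpproxy record into a dict, or return None if unusable."""
    if " httpproxy[" not in line:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # first occurrence wins on duplicate keys
    if "user" not in fields:           # truncated or foreign line
        return None
    # An odd number of quotes means a value lost its closing quote, so the
    # neighbouring fields (typically url/referer) cannot be trusted.
    fields["_malformed"] = line.count('"') % 2 == 1
    return fields


def summarize(lines):
    """Break down records logged with user="" by auth, ua and exceptions."""
    parsed, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        else:
            parsed.append(rec)

    anon = [r for r in parsed if r["user"] == ""]
    named_ips = {r.get("srcip", "") for r in parsed if r["user"]}
    anon_ips = {r.get("srcip", "") for r in anon}

    def tally(key, empty_label):
        return dict(Counter(r.get(key) or empty_label for r in anon))

    return {
        "parsed": len(parsed),
        "skipped": skipped,
        "malformed": sum(r["_malformed"] for r in parsed),
        "anonymous": len(anon),
        "by_auth": tally("auth", "(missing)"),
        "by_ua": tally("ua", "(empty)"),
        "by_exceptions": tally("exceptions", "(none)"),
        # Clients that never produce a user name vs. clients that sometimes do.
        "never_named_clients": sorted(anon_ips - named_ips),
        "mixed_clients": sorted(anon_ips & named_ips),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Nameless records that carry a non-empty `exceptions` list or a non-browser `ua` point at exempted or system traffic, while a client in `mixed_clients` authenticates for some requests and not others.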