Reporting on Users without SonicWall Authentication EnabledIf a username is not logged (either authentication is not enabled, or is bypassed for specific traffic), then Fastvue Reporter for SonicWall will look for a resolved hostname in the logs and display the result in its reports. For SonicWall to do this, ensure you have your settings correctly configured in Log | Name Resolution and your specified DNS servers can perform reverse lookups (return a hostname for a given IP address).
If there is no username or hostname in the logs, then the Fastvue Reporter server will perform a reverse DNS lookup on the IP address. If a hostname is returned by the reverse DNS lookup, Fastvue Reporter will display that as the username. If no hostname is returned, then Fastvue Reporter will simply display the raw IP address as the username.
It is possible to map IPs and hostnames to users using Saved Filters in Fastvue Reporter. For more information see our article covering Users, Department and Security Groups. Scroll down to the section covering users without SonicWall Authentication enabled.
But a much better solution is to set up authentication on your SonicWall to log and report on users correctly.
Reporting on Users with SonicWall Authentication EnabledFastvue Reporter for SonicWall can only show usernames if they exist in the log data sent to the Fastvue server from the firewall. This only happens when your SonicWall is authenticating users.
To configure authentication on SonicWall appliance, go to Users | Settings and configure the authentication method that makes sense for your environment. In most cases, this will be LDAP + Local Users, and/or Active Directory Single Sign On (SSO) using the SonicWall SSO Agent.
You then need to configure your SonicWall's access rules to force user authentication. For information on configuring SonicWall's access rules to force users to authenticate, please see step 2 in the SonicWall KB article: How to Force User Authentication Prior to Allowing Traffic Through the Firewall
If you are using AD SSO, there are some steps towards the bottom of this article on how to test SonicWall's AD SSO is working correctly.
How to Verify SonicWall is Authenticating UsersYou can also verify if SonicWall is logging usernames without Fastvue, by going to Investigate | Event Logs and filtering the view by Priority = Inform, Category = Log, and Source IP = an IP that you believe should be authenticating (try your own for testing).
This will return all the web hits for that IP address. Click the More Details button to the right (three lines).
Look at the Username field. If this is blank, then that IP address is not authenticating for the Web Traffic shown.
If you have a way to contact SonicWall support, then they are certainly the best to help you troubleshoot authentication issues on your SonicWall. Just be sure to demonstrate the issue using the SonicWall log monitor interface as above. Avoid mentioning Fastvue as you may get their standard 'we don't support third party products' response.
Once users are authenticated and logged by SonicWall, Fastvue Reporter can match them to their User object in Active Directory. You can then utilize other features such as Department and Security Group reporting. For more information see our article SonicWall Reporting on Users, Departments and AD Security Groups.