Support Center

User Reports Not Working. Only Hostnames or IP Addresses Shown in User Sections.

Last Updated: Nov 08, 2018 05:27PM PST
If the Top Users sections of your reports and dashboards are only showing IP addresses or hostnames instead of real usernames, this means that SonicWall is not authenticating users.

Reporting on Users without SonicWall Authentication Enabled

If a username is not logged (either authentication is not enabled, or is bypassed for specific traffic), then Fastvue Reporter for SonicWall will look for a resolved hostname in the logs and display the result in its reports. For SonicWall to do this, ensure you have your settings correctly configured in Log | Name Resolution and your specified DNS servers can perform reverse lookups (return a hostname for a given IP address).

If there is no username or hostname in the logs, then the Fastvue Reporter server will perform a reverse DNS lookup on the IP address. If a hostname is returned by the reverse DNS lookup, Fastvue Reporter will display that as the username. If no hostname is returned, then Fastvue Reporter will simply display the raw IP address as the username.

It is possible to map IPs and hostnames to users using Saved Filters in Fastvue Reporter. For more information see our article covering Users, Department and Security Groups. Scroll down to the section covering users without SonicWall Authentication enabled.

But a much better solution is to set up authentication on your SonicWall to log and report on users correctly. 

Reporting on Users with SonicWall Authentication Enabled

Fastvue Reporter for SonicWall can only show usernames if they exist in the log data sent to the Fastvue server from the firewall. This only happens when your SonicWall is authenticating users.

To configure authentication on SonicWall appliance, go to Users | Settings and configure the authentication method that makes sense for your environment. In most cases, this will be LDAP + Local Users, and/or Active Directory Single Sign On (SSO) using the SonicWall SSO Agent.

You then need to configure your SonicWall's access rules to force user authentication. For information on configuring SonicWall's access rules to force users to authenticate, please see step 2 in the SonicWall KB article: How to Force User Authentication Prior to Allowing Traffic Through the Firewall 

If you are using AD SSO, there are some steps towards the bottom of this article on how to test SonicWall's AD SSO is working correctly.

How to Verify SonicWall is Authenticating Users

You can also verify if SonicWall is logging usernames without Fastvue, by going to Investigate | Event Logs and filtering the view by Priority = Inform, Category = Log, and Source IP = an IP that you believe should be authenticating (try your own for testing).

Filtering SonicWall's Log Viewer for Web Site Access Logs

This will return all the web hits for that IP address. Click the More Details button to the right (three lines).

SonicWall Log Viewer - Viewing Web Site Access Details

Look at the Username field. If this is blank, then that IP address is not authenticating for the Web Traffic shown. 

Viewing SonicWall's Web Site Access Log Details

If you have a way to contact SonicWall support, then they are certainly the best to help you troubleshoot authentication issues on your SonicWall. Just be sure to demonstrate the issue using the SonicWall log monitor interface as above. Avoid mentioning Fastvue as you may get their standard 'we don't support third party products' response.

Once users are authenticated and logged by SonicWall, Fastvue Reporter can match them to their User object in Active Directory. You can then utilize other features such as Department and Security Group reporting. For more information see our article  SonicWall Reporting on Users, Departments and AD Security Groups.

Contact Us

  • Post a Public Question
  • Email Us
  • Chat with us

    Call Us @ 888.885.6711
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found