Mapping IP address to names in Dashboard, not Dimension.

I have done this one of my Fireboxes but I can't remember how its done. On my main Firebox I see names for my Top Clients. On a Firebox at another site I see only IP's. I forgot how this works and most searches talk about Dimension, which I have already configured.

Comments

  • I'm not aware of a specific option to do this in XTM.
    In WSM Firebox System Manager -> Host Watch, one can select the Setting options: "Show domain name" and "Show user name.
    Other than that and the Dimension method, I am not aware of any other name resolution options.
    If you are seeing device names: could your other firewall be pointing to an AD DNS server where those IP addrs will resolve to device names?
    If you are seeing user names: Could your users be authenticating to the firewall ?

  • The DNS is different on the one that is not showing names. Doesn't explain usernames though. I have the SSO agent installed.on workstations. And I always thought that had something to do with it. I might read up on it and see. I changed the DNS on the other Firewall but still only IP addresses.

  • RalphRalph WatchGuard Representative

    Hello Kev,

    Authentication is required for Dimension to display usernames in reports. Make sure your logs have the src_user tag.

    *sample
    FWAllow, Allowed, pri=4, disp=Allow, policy=Internal-Policy, protocol=67/udp, src_intf=1-Trusted, dst_intf=Firebox, rc=100, pckt_len=349, ttl=128, src_user=Backend-Service@Any, 3000-0148

    For hostnames, Dimension needs a DNS server that's able to resolve reverse DNS records. If it can't, Log Collector logs** will be littered with logs similar to below.

    orig="dimension" pri="6" app="ap_collector" proc_id="4276:18446744071883192064" mc="9244" msg="Information (9244), 10.10.10.10: Domain name not found" />

    **gear icon / Server Management / Diagnostics / Log Collector

  • Thanks, but I am not referring to Dimension. I am talking about the Dashboard on the Firewall Front Panel, Top Clients. I have another site with a Firewall and Domain controller. That site connects to the main Site over VPN. The main site Firewall does show usernames instead of IP's. I am trying to get the other Firewall to do the same thing. I just forgot how.

  • BINGO!!!!! Its the SSO settings. I had to point the SSO on the other Firewall to the SSO agent on my domain controller.

Sign In to comment.