Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Web Gateway shows incorect users in reports

Created: 07 Jun 2012 • Updated: 22 Jun 2012 | 6 comments
Jordanco's picture
This issue has been solved. See solution.

Hi

We have Web Gateway Applicance that has problems showing the correct users logged on in reports:

Web Gateway Software Updates    
Current Software Version 5.0.3.18
Web Gateway Database Updates
Current Version 5.0.0.404

Simple Inline Configuration (lan and mgmt interfaces connected to the corporate switch-single ip adress).

Operating Mode :Inline + Blocking

TMG Proxy behind the Web Gateway configured as a proxy server on the Web Gateway and selected Analyze ports used by proxy

Using AD Integration using DC interface.When testing LDAP no errors occur.

Use LDAP to identify end users
Download domain controller interface software
Test LDAP  

 

THE PROBLEM:Users dont appear correctly in the reports (one user is shown to be looged on 5-10 pc`s at a time whitch is impossible because we only have 50 computers and i know for sure which user usess which computer).I have checked the option "Sync Frequency Sync user LDAP info every 0 hours" still the same problem.

 

Any help is aprretiated

 

 

Thanks

Discussion Filed Under:

Comments 6 CommentsJump to latest comment

BenDC's picture

SWG matches user names to IP addresses sent by DCinterface at the time of the users last login. If the users IP address changes after login due to DHCP leases changing then users and IP may no longer match. If the IP addresses are changing regularly you may want to consider using NTLM authentication ot the SWG or adjusting your DHCP server settings to allow machines to renew/keep the IP they have for a longer period of time.

Jordanco's picture

Hi Ben,thanks for the reply

 

The problem is not related to DHCP leases.For example,one user can be reported as loged on to 5 diferent pc`s in just 10 sec period.Another issue is that when someone uses RDP to conect to another pc with a diferrent user name than the one logged on the computer initiating the rdp connection,the user name used for rdp is displayed to be logged on the local computer.

BenDC's picture

RDP and citrix can a tricky space for the SWG as well actually. Again SWG matches users to IPs from login information sent from DC interface. It cannot track multiple users from one IP. So if multiple users access a machine each will log in and the last user to login will be the one that appears to do the browsing from that point on.

 

TSE-JDavis's picture

As per our documentation, your proxy server should be in front of the SWG so we see the traffic from the clients, before it hits the proxy server. This way we will see the client computer's IP address and not the proxy's IP.

Jordanco's picture

Thanks for that,i will disable the option "analyze ports used by proxy".But i think that even with thah option disabled the problem was the same.Thanks anyway

Jordanco's picture

Hi Everyone

 

I have found a solution for the repotrs problem

Cause

Name resolution for purposes of Custom Reports is consuming network and CPU resources which are needed for processing the log entries into the database of SWG appliance.

Solution

To disable name resolution for reports

1.       In the SWG UI, navigate to Administration> Configuration.
2.       On the Reports tab, uncheck “DNS”
3.       Uncheck “WINS”
4.       Uncheck “Display port names when available.”
5.       Uncheck “Display user email addresses in user reports”
6.       Click Save

http://www.symantec.com/business/support/index?pag...

 

Still if anyone has any idea about fixing the problem when using RDP please let me know

"Another issue is that when someone uses RDP to conect to another pc with a diferrent user name than the one logged on the computer initiating the rdp connection,the user name used for rdp is displayed to be logged on the local computer."

 

SOLUTION