Symantec Web Gateway can maintain information on the activity of users and departments as defined by Active Directory over LDAP.
By default, the SWG records only the IP address of network traffic. If Active Directory (AD) is present in the environment, you can configure the SWG to record user information for network activity, such as User Name and AD Department.
Here are the basic steps:
1. Log into SWG web console.
2. Click 'Configuration' under 'Administration' section.
3. Select the 'Authentication' tab and click to enable 'Use LDAP to identify end users':
Enter the hostname or IP address of your LDAP server.
Enter the LDAP Search Base. The LDAP Search Base must be in DN format such as "dc=test, dc=com".
Enter the user name and password that the Web Gateway will use to access the root of your LDAP server. For the simple authentication method, the User Name can be an MS sam account name, sam account name @ domain, or a distinguished name (DN). The Kerberos authentication method accepts only an MS sam account name or sam account name @ domain.
Use the dropdown boxes to define whether users are organized by department or by organizational units, and whether the Web Gateway reports should present the LDAP logon name or the full user name.
4. After the configuration, you can click the 'Test' button:
With NTLM Authentication, the Web Gateway communicates with the end user's browser to extract the LDAP name, correlates the user's LDAP name with their computer's IP address, and re-enforces the end user's authentication to the domain controllers when the user's credentials have expired.
5. Under 'NTLM Configuration' section, click to enable 'Enable NTLM Authentication':
6. After the configuration of the NTLM, you can click the 'Test' button:
After completing these configurations, you need to create an authentication policy.
7. Click 'Configuration' under 'Policies' section.
8. Click the 'Create a New Policy' button:
9. Under 'User Authentication' section, click to enable 'Authentication setting policy', and select the authentication type:
10. Save and apply the policy.
If the end user has not logged into AD, a notification prompts the user to enter AD credentials when the user tries to access the web.
The SWG logs then show the end user's information.
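The format rules in step 3 (Search Base in DN format, and which User Name formats each authentication method accepts) can be checked before the values are entered. The following is an added example, not Symantec code: the function names, the `svc_swg` account and the conservative sam-account-name pattern are assumptions made for illustration.

```python
import re

# Hypothetical pre-flight check for the step 3 values; not part of the SWG product.
_ATTR = r"[A-Za-z][A-Za-z0-9-]*"
_RDN = re.compile(rf"^\s*({_ATTR})\s*=\s*((?:[^,\\]|\\.)+?)\s*$")

# User Name formats each method accepts, as stated in step 3.
ACCEPTED = {
    "simple": {"sam", "sam@domain", "dn"},
    "kerberos": {"sam", "sam@domain"},
}

def split_dn(dn):
    """Split on unescaped commas; return [(attr, value), ...] or None if not a DN."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        m = _RDN.match(part)
        if not m:
            return None
        rdns.append((m.group(1).lower(), m.group(2)))
    return rdns

def classify_user(name):
    """Return 'dn', 'sam@domain', 'sam' or 'unknown' for a bind User Name."""
    if split_dn(name):
        return "dn"
    if re.fullmatch(r"[^@\s\\/]+@[A-Za-z0-9.-]+", name):
        return "sam@domain"
    # Conservative pattern (assumption): no whitespace or AD-reserved characters.
    if re.fullmatch(r'[^\s@"/\\\[\]:;|=,+*?<>]+', name):
        return "sam"
    return "unknown"

def check_settings(search_base, bind_user, method):
    """Return a list of problems; an empty list means the formats look valid."""
    problems = []
    if split_dn(search_base) is None:
        problems.append("search base is not in DN format")
    fmt = classify_user(bind_user)
    if fmt not in ACCEPTED[method]:
        problems.append(
            f"user name format '{fmt}' is not accepted for {method} authentication")
    return problems

if __name__ == "__main__":
    # Constructed sample values; "dc=test, dc=com" is the example from step 3.
    dn_user = "cn=svc_swg,ou=Service,dc=test,dc=com"
    for user, method in [("svc_swg", "kerberos"), (dn_user, "simple"), (dn_user, "kerberos")]:
        print(method, user, check_settings("dc=test, dc=com", user, method) or "OK")
```

A format the page does not list, such as `TEST\svc_swg`, is reported as `unknown` and rejected for both methods.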