Welcome to ISAserver.org

Firewall Logging - Username Field??

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> Logging and Reporting >> Firewall Logging - Username Field??

Page: [1]

Message

<< Older Topic Newer Topic >>

Firewall Logging - Username Field?? - 16.Jun.2008 9:58:40 AM

sgraham978

Posts: 16
Joined: 6.Mar.2008
Status: offline

I'm trying to configure ISA 2006 firewall logging to log the actual users username instead of the IP address when someone connects in via VPN however I have not net been able to do this.

Before upgrade to ISA 2006 we were using ISA 2004 which was working fine and collecting the username instead of the IP address but now with 2006 this is not the case.

I have checked that all the firewall policies are set to authenticated users instead of 'all users' but still having the same problem. We are not using the microsoft firewall client, just using IE connection settings to specify proxy address. This is how we were doing it with 2004.

Is there any trick to getting 2006 to log username details instead of IP address?

Post #: 1

Featured Links*

RE: Firewall Logging - Username Field?? - 16.Jun.2008 11:24:37 AM

paulo.oliveira

Posts: 609
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline

Hi,

there�s no trick about it. You don�t need to set the Users Set to allow only authenticated users, cause once the user is connecting to VPN, he�s passing his credentials and ISA is already authenticating him.
What kind of authentication method are you using? PPTP or L2TP/IPSec (PSK or Cert)?

Regards,
Paulo Oliveira.

(in reply to sgraham978)

Post #: 2

RE: Firewall Logging - Username Field?? - 16.Jun.2008 8:52:34 PM

sgraham978

Posts: 16
Joined: 6.Mar.2008
Status: offline

We're using PPTP.

(in reply to paulo.oliveira)

Post #: 3

RE: Firewall Logging - Username Field?? - 19.Jun.2008 8:41:37 PM

sgraham978

Posts: 16
Joined: 6.Mar.2008
Status: offline

I am still unable to get this working properly. Is there anything else that I am missing???

(in reply to sgraham978)

Post #: 4

RE: Firewall Logging - Username Field?? - 3.Jul.2008 10:55:20 PM

sgraham978

Posts: 16
Joined: 6.Mar.2008
Status: offline

Still having trouble getting this working. When I look at the log files we are getting usernames listed for 'WAN Miniport (PPTP)' Application Protocol but not 'PPTP' Application Protocol. Is there something I've missed enabling for this to work?

(in reply to sgraham978)

Post #: 5

RE: Firewall Logging - Username Field?? - 10.Jul.2008 2:49:47 AM

sgraham978

Posts: 16
Joined: 6.Mar.2008
Status: offline

Just a bit of an update....this is just a snapshot of the info we've got from the logging....if you look at the 'ClientUserName' column and then compare it to the 'ApplicationProtocol' column you can see what I mean about being able to get the username logged for 'WAN Miniport (PPTP)' but not for 'PPTP'.

protocolSourceIPSourcePortDestinationIP DestinationPort OriginalClientIPAction  ApplicationProtocol  ClientUserName ClientAgent
TCP x.x.x.x 1152  x.x.x.x  1723 x.x.x.x  Establish  PPTP   - -
GRE x.x.x.x 0  x.x.x.x  0 x.x.x.x  Establish  PPTP   - -
- x.x.x.x 0  x.x.x.x  0 x.x.x.x  SuccessfulConnection WAN Miniport (PPTP) username VPN remote access
TCP x.x.x.x 1152  x.x.x.x  1723 x.x.x.x  Intermediate  PPTP   - -
GRE x.x.x.x 0  x.x.x.x  0 x.x.x.x  Intermediate  PPTP   - -
TCP x.x.x.x 1152  x.x.x.x  1723 x.x.x.x  Intermediate  PPTP   - -
GRE x.x.x.x 0  x.x.x.x  0 x.x.x.x  Intermediate  PPTP   - -
TCP x.x.x.x 1152  x.x.x.x  1723 x.x.x.x  Terminate  PPTP   - -
- x.x.x.x 0  x.x.x.x  0 x.x.x.x  Disconnect  WAN Miniport (PPTP) username VPN remote access
GRE x.x.x.x 0  x.x.x.x  0 x.x.x.x  Terminate  PPTP   - -

< Message edited by sgraham978 -- 10.Jul.2008 4:00:43 AM >

(in reply to sgraham978)

Post #: 6