EX SSL-VPN: Difference between Anonymous, Not-Authenticated and "UNKNOWN in Aventail Advance Reporting tool
On analysing the imported extraweb_access log in the Aventail Advanced Reporting we see messages as Anonymous, Not-Authenticated and UNKNOWN.
What does this messages mean?
UNKNOWN ========= Without knowing the authentication method that is use, it isn't possible to know what "UNKNOWN" means, This occurs while the authentication code can't figure out who the user is for some reason where the users authentication method is now known.
Anonymous ========= Anonymous are sessions that are logged in without a username and password. Extraweb creates anonymous sessions to download the preauth agents, that might be what this is. Enabling the NULL authentication module will also result in anonymous sessions showing up in your logs.
Not Authenticated ============== "not authenticated" likely indicates sessions that are terminated for some reason before the authentication process has completed and so these session have no user attached to them and are marked as "not authenticated". This may also indicate sessions where the authentication challenge failed and the session was thus not authenticated and terminated.