Why is SonicWall showing 'Unknown User' utilizing network resources?

Description

Firewall administrators may find SonicWall showing the Unknown User utilizing network resources and may get worried about the same as it might seem suspicious. The same is shown as Below:

SonicOS 7.X:

Image


SonicOS 6.5.X

Image

Cause

SonicWALL firewall will treat all the IP-based connections of local traffic as 'Unknown User' as it will be unauthenticated.

A simple example to understand is the default LAN>WAN access rule with no authentication mechanism setup, it will forward all the outgoing traffic. All this traffic will be IP based and hence no user record will be available in the firewall.

Hence, if firewall administrators want to pull a report based on users, it will not show any data but if the report is pulled based on IP address, it will show the information.

Resolution

Setting up an Authentication Mechanism would be able to help solve this issue. The firewall will authenticate the Users and keep a record of the same. Whenever required, administrators can pull the reports based on User Names.

In SonicWALL, administrators can set up the authentication in two ways:

  1. User Level Authentication
  2. Single Sign-On


Refer to the above articles for a better understanding of the underlying mechanism and the configuration steps.

Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
SonicWall NSA Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
TZ Series
not finding your answers?
Ask the Community