Authentication Report

Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes

The Authentication report shows a summary of users who successfully authenticated to the device and failed login attempts. Includes the login time, logout time, duration, and connection method. If bandwidth and time quotas are enabled on your device, the quota usage details also appear for each user.

This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.

How to Use this Report

This report can help you to audit authentication attempts on your device. Here are some ways to use this report:

  • View the Allowed pivot to identify which users logged in successfully. For each user, you can see the IP address, how long they were logged in for (minutes:seconds), and the type of authentication connection (such as Firewall, VPN, or Guest).
  • View the Denied pivot to see a list of users who attempted to authenticate but were denied. Look for repeated failed authentications that could indicate an attempt to gain access to your network.
  • Investigate unusual activity that might be malicious, such as multiple simultaneous authentication attempts from the same user but different source IP addresses.
  • If you enforce bandwidth and time quotas on your Firebox, review the data in the Quota Usage column to see which users are close to their quotas. For more information, see About Quotas.

View the Report

This report is available in WatchGuard Cloud and in Dimension.

  1. Log in to WatchGuard Cloud.
  2. Select Monitor > Devices.
  3. Select a folder or a specific device.
  4. To select the report date range, click .
  1. From the list of reports, select Device > Authentication.
    The Authentication report opens.

    Screen shot of Authentication report

  1. To see reports for your Fireboxes or FireClusters, select Home > Devices.
    The Devices list opens.
    To see reports for your groups of Fireboxes, select Home > Groups.
    The Groups list opens.
  2. Select the Name of a Firebox, cluster, or group.
    The Tools > Executive Dashboard page opens.
  3. Select the Reports tab.

    Screen shot of the Reports tab in Dimension.

  1. Select Device > Authentication.
    The Authentication report opens.

Pivots

You can use pivots to change the view of the data on the report.

To switch to a different view, select a pivot from the drop-down list above the report.

This report includes these pivots:

Allowed

Details of the users who authenticated successfully with the device.

Denied

Details of the users who were denied and not allowed to authenticate with the device.

Detail View

Detail view is not available for this report.

Enable Logging for this Report

Logging for cloud-managed Fireboxes is automatically enabled. For locally-managed Fireboxes, you must manually enable logging in Fireware Web UI or Policy Manager. For more information, see Set Logging and Notification Preferences.

To collect the data required for this report for locally-managed Fireboxes, in Fireware Web UI or Policy Manager:

  • The device feature key must support authenticated users.
  • Authentication must be enabled on your device. For more information, see About User Authentication.

Related Topics

WatchGuard Cloud Device Reports List