You want to know why your top users report shows a"-" as a user name
There are requests going to the ProxySG that are not authenticated. There are two possible reasons for this:
Requests from applications that are not configured to use a proxy. Your policy may deny these requests, but the logged denied request does not have a username therefore shows up as "-". If you drill-in on the "-" user, you can see the sites being requested, the IP addresses they are coming from, and the user-agent making the request.
Denied requests from non-authenticated end users. If you are not using "force-authenticate" in your ProxySG policy, then any denied request that is evaluated before authentication will log without any username since the user was not yet authenticated before the deny.
The dash "-" is a representation of the number un-authenticated users on your ProxySG appliances.
A value of around 30 percent for such a user is considered normal.
Imported Document ID: 000016672
Subscribing will provide email updates when this Article is updated. Login is required.