FortiGate vs FortiAnalyzer User Anonymize

The Fortinets products "FortiGate" (firewall) and the "FortiAnalyzer" (log-management-system) both have an option to anonymize user names in their logs. However they are not the same thing.


config log setting 
  set user-anonymize enable

Will result in changing all usernames to "anonymous":


Using „Privacy masking“ in the FortiAnalyzer will change the username as follows:

Using "Obfuscate User" in Advanced Settings of a Report will hide user information the report.


When enabling "user-anonymize" the FortiGate will also send to all syslog destinations and FortiAnalyzers the username as "anonymous". Therefore also using "Privacy masking" from FortiAnalyzer might not be necessary anymore when "user-anonymize" is already enabled on the FGT.

More information can be found here: and and

Almost perfect protection for websites and other services - Mutual TLS

Its hard to secure your IT services and applications. The list of possible attacks is long, as shown in the Mitre Att&ck framework , the...