Contributor
December 2, 2009
Question

Block Attacks Automatically After Several Attempts

  • 6 replies
  • 4631 views
I have a FortiGate 60B running firmware version 3.00-b0744 (MR7 Patch 6). I would like to know if there's a way to block an IP address automatically after the firewall blocks a number of hack attempts into my server automatically. Basically, just like if you try to log into your firewall and you fail 3 times, it temporarily blocks that IP address. I would like to do the same thing with hack attempts to my server that my firewall detected and blocked. Please let me know if there's a way to do this. Thanks


    discoveryit
    New Member
    December 2, 2009
    Upgrade to 4.0 and you can quarantine IPs for a time period.
    Contributor
    December 4, 2009
    Thank you discoveryit. Could you also kindly tell me where I would find information on quarantining the IPs so that I can see how to configure this when I upgrade to Version 4, please?
    Carl_Wallmark
    New Member
    December 8, 2009
    You will find it under: UTM -> Intrusion Prevention -> "Your IPS Sensor"
    Contributor
    December 14, 2009
    OK, we have a 50 B and a lot of DoS attacks... How can I change the block time? I'd like to block the IP address over 5 min? How can I do this?
    Carl_Wallmark
    New Member
    December 14, 2009
    If you have 4.00 firmware you can quarantine (block) the attacker for xxx minutes, or forever =) To block DoS attacks you will have to use the CLI: config firewall interface-policy. What firmware do you have?
    billp
    New Member
    December 15, 2009
    Thanks. I was also interested in this :) Any way to detect multiple Remote Desktop attempts? Did not see any IPS sensor to detect that? Bill
    Carl_Wallmark
    New Member
    December 16, 2009
    Do you mean to detect RDP attempts on port 3389? IPS is designed to detect intrusions, and a connection attempt is not an intrusion. However, you could create your own IPS signature to detect anything on port 3389, then you would have an RDP signature =)
    billp
    New Member
    December 16, 2009
    Thanks. Understood. I wanted to detect and/or prevent bruteforce RDP login attempts on the port. Didn't see a way of specifying how many login attempts per time period would be considered an intrusion. I'll see if I can figure a better way to implement this by securing the port better.
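
The "N attempts per time period, then a temporary block" logic discussed in this thread, as an added example that is not part of the original posts and is not FortiGate code. The log format, the function name `find_quarantines`, and the threshold values are assumptions; it counts connections to the port, not failed logins.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample connection log (hypothetical format, not FortiGate output).
SAMPLE_LOG = """\
2009-12-16 10:00:01 src=203.0.113.7 dport=3389
2009-12-16 10:00:09 src=203.0.113.7 dport=3389
2009-12-16 10:00:15 src=198.51.100.20 dport=3389
2009-12-16 10:00:21 src=203.0.113.7 dport=3389
2009-12-16 10:00:30 src=203.0.113.7 dport=443
2009-12-16 10:00:40 src=203.0.113.7 dport=3389
2009-12-16 10:09:00 src=198.51.100.20 dport=3389
2009-12-16 10:09:30 src=198.51.100.20 dport=3389
"""

LINE_RE = re.compile(r"^(\S+ \S+) src=(\S+) dport=(\d+)$")

def find_quarantines(log_text, port=3389, max_attempts=3,
                     window=timedelta(seconds=60),
                     block_for=timedelta(minutes=5)):
    """Return [(src_ip, blocked_at, blocked_until)] for every source that
    makes max_attempts connections to `port` within `window`."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    blocked_until = {}            # src -> expiry of the current block
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(3)) != port:
            continue  # malformed line or a different service
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        src = m.group(2)
        if src in blocked_until and ts < blocked_until[src]:
            continue  # already quarantined: this traffic would be dropped
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # slide the window forward
        if len(q) >= max_attempts:
            blocked_until[src] = ts + block_for
            events.append((src, ts, ts + block_for))
            q.clear()  # count afresh once the block expires
    return events

if __name__ == "__main__":
    for src, start, end in find_quarantines(SAMPLE_LOG):
        print(f"quarantine {src} from {start} until {end}")
```
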