andrewm568
New Member
April 25, 2011
Question

Blocking users/IPs after failed auth attempts

  • April 25, 2011
  • 6 replies
  • 16727 views
When using SSL VPN with local userids, is there a way to block authentication attempts after multiple failures within a configurable time, e.g. from the same IP or the same userid? I do see suitable configuration items in the USER SETTING CLI (e.g. auth-invalid-max), but they don't seem to make any difference for me with SSL VPN. Maybe they're only for firewall policies? This is 4.0 MR3.


    Fullmoon
    New Member
    April 26, 2011
    I don't think there is a workaround for that. By default configuration of SSL VPN, if the user attempts to log in to SSL VPN using a mismatched username and password 3 times, FortiGate will automatically display a message sort of "Too many bad login attempts. Please try again in a few minutes."
    andrewm568
    New Member
    April 26, 2011
    Yeah, that's exactly what I'm seeing. It'd be nice if the "default" could be changed!
    StefanK
    New Member
    April 26, 2011
    For admins it should be changeable, though I have never done so before. Take a look at your version's CLI reference guide, and also at your config under "conf sys global", there "admin-lockout-duration" and "admin-lockout-threshold". Maybe this'll work, but I'm only guessing because of the displayed error, which is the same I'm getting without my morning pot of coffee, when my fingers don't agree with my head.
    andrewm568
    New Member
    April 26, 2011
    Thanks, my fingers never agree with my head! I just tried changing those params, but it made no difference at the SSL VPN portal. But you're right that those default values (3 attempts, around 60 seconds lockout) are the same as what I'm experiencing through the portal.
    lmuir
    New Member
    April 29, 2011
    There appears to be a #config user setting -> auth-blackout-time which, according to the CLI guide: "When a firewall authentication attempt fails 5 times within one minute, the IP address that is the source of the authentication attempts is denied access for the <blackout_time_int> period in seconds. The range is 0 to 3600 seconds." Might work?
    andrewm568
    New Member
    April 29, 2011
    You'd think. It'd certainly be logical, but it doesn't work. It was actually one of the ones I tried in my first post.
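The behaviour the original poster is asking for (count SSL VPN login failures per source IP or per userid inside a sliding time window and flag a lockout once a threshold is crossed) can also be implemented off-box over the unit's event log. The following is an added example, not code from this thread or from Fortinet; the log lines are constructed and only approximate the FortiOS key=value event format, and the threshold (3 failures in 60 s, matching the defaults the thread observed) is a parameter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in FortiOS-style key=value form (assumed format, not copied from a real unit).
SAMPLE_LOGS = """\
date=2011-04-25 time=09:00:01 type=event subtype=vpn action=ssl-login-fail user="bob" remip=203.0.113.7
date=2011-04-25 time=09:00:05 type=event subtype=vpn action=ssl-login-fail user="bob" remip=203.0.113.7
date=2011-04-25 time=09:00:09 type=event subtype=vpn action=ssl-login-fail user="alice" remip=203.0.113.7
date=2011-04-25 time=09:00:20 type=event subtype=vpn action=ssl-login-fail user="bob" remip=198.51.100.4
date=2011-04-25 time=09:00:40 type=event subtype=vpn action=ssl-login-ok user="bob" remip=198.51.100.4
date=2011-04-25 time=09:02:30 type=event subtype=vpn action=ssl-login-fail user="bob" remip=198.51.100.4
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def find_lockouts(log_text, key="remip", threshold=3, window=60):
    """Return {key_value: time} for every source IP (key="remip") or userid (key="user")
    that produced `threshold` SSL VPN login failures inside a sliding `window` of seconds.
    The recorded time is the failure that crossed the threshold, i.e. when a blackout would start."""
    recent = defaultdict(deque)   # key value -> timestamps of failures still inside the window
    locked = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("action") != "ssl-login-fail":
            continue              # successful logins and other events do not count
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S").timestamp()
        q = recent[rec[key]]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold and rec[key] not in locked:
            locked[rec[key]] = rec["time"]
    return locked

if __name__ == "__main__":
    print("by source IP:", find_lockouts(SAMPLE_LOGS, key="remip"))
    print("by userid:   ", find_lockouts(SAMPLE_LOGS, key="user"))
```

Note that keying by IP and keying by userid flag different things on the same input: the shared address trips the IP rule, while bob trips the user rule only because his failures from two addresses are combined.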