nubi
Explorer
April 25, 2022
Solved

How to unblock a banned IP on SSL-VPN?


Hi, we have a FortiGate v6.4.2 build1723 (GA) where we use SSL-VPN. Sometimes the users enter the password wrong (many times) and the Forti blocks the public IP of the users, and they have to wait for a long time to be automatically unblocked (unbanned). How can I unblock that IP from the Forti console to allow the user to try the login again?

Best answer by pminarik

jintrah_FTNT
Staff
April 26, 2022

Hi Nubi,

 

You can set the auth lockout duration to the minimum desired, or even increase the number of attempts a user is allowed before they have to enter their password correctly.

 

```
#config user setting
#set auth-lockout?

auth-lockout-threshold -> Maximum number of failed login attempts before login lockout is triggered.
auth-lockout-duration  -> Lockout period in seconds after too many login failures.

#end
```

 

Best regards,

Jin

pminarik (Answer)
Staff
April 26, 2022

Unfortunately this is incorrect.

 

SSL-VPN lockout is controlled in "config vpn ssl settings":

login-attempt-limit - how many attempts are allowed <0~10; 0 = no limit, default=2>

login-block-time - how long to block an IP if the limit is reached <0~86400 seconds; default=60>

 

@nubi :

As for manually clearing the lockouts: As far as I am aware, there is no native mechanism to clear someone's block. You have to wait for it to expire.

If I had to guess, you might be able to reset it if you restart the sslvpnd process, but that would also drop other SSL-VPN tunnels, so it would be unfeasible in production even if it worked.

 

There is an existing NFR asking for this feature, so if you're interested, let your Fortinet sales contact know that you'd like to see this in a future version.

nubi (Author)
Explorer
April 26, 2022

Thank you so much! I applied that solution and it's working as expected.

I did:
```
config vpn ssl settings
 set login-attempt-limit 3
 set login-block-time 180
end
```
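Since the thread establishes that a banned IP cannot be cleared from the console and the block must simply expire, an added example (not from this thread or from Fortinet) that models the login-attempt-limit / login-block-time lockout over constructed SSL-VPN event log lines, so an operator can tell which source IPs are currently blocked and when each block ends. The log field names follow FortiGate's event-log keys; the sample values and the rule that a successful login resets an IP's failure counter are assumptions.

```python
import re
from datetime import datetime, timedelta

# Lockout settings from "config vpn ssl settings" (the values nubi applied above).
LOGIN_ATTEMPT_LIMIT = 3   # 0 would mean "no limit"
LOGIN_BLOCK_TIME = 180    # seconds

# Constructed sample lines in the shape of FortiGate SSL-VPN event logs; the
# keys (date, time, action, remip, user) are real log fields, the values are made up.
SAMPLE_LOG = """\
date=2022-04-26 time=09:00:01 action="ssl-login-fail" remip=203.0.113.10 user="alice"
date=2022-04-26 time=09:00:05 action="ssl-login-fail" remip=203.0.113.10 user="alice"
date=2022-04-26 time=09:00:09 action="ssl-login-fail" remip=203.0.113.10 user="alice"
date=2022-04-26 time=09:00:30 action="ssl-login-fail" remip=198.51.100.7 user="bob"
date=2022-04-26 time=09:00:40 action="ssl-login" remip=198.51.100.7 user="bob"
"""

LINE_RE = re.compile(
    r'date=(?P<date>\S+) time=(?P<time>\S+) action="(?P<action>[^"]+)" '
    r'remip=(?P<remip>\S+)'
)


def parse_events(text):
    """Yield (timestamp, action, remote_ip) for every parsable log line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.fromisoformat(f"{m['date']} {m['time']}")
            yield ts, m["action"], m["remip"]


def blocked_ips(text, limit=LOGIN_ATTEMPT_LIMIT, block_time=LOGIN_BLOCK_TIME):
    """Model of the lockout: `limit` failures from one remip start a block of
    `block_time` seconds; limit 0 disables blocking. A successful login resets
    that IP's counter (an assumption, not documented in this thread).
    Returns {remip: datetime when the block expires}."""
    failures, blocks = {}, {}
    for ts, action, ip in parse_events(text):
        if action == "ssl-login-fail":
            failures[ip] = failures.get(ip, 0) + 1
            if limit and failures[ip] >= limit:
                blocks[ip] = ts + timedelta(seconds=block_time)
                failures[ip] = 0
        elif action == "ssl-login":
            failures.pop(ip, None)
    return blocks


if __name__ == "__main__":
    for ip, until in blocked_ips(SAMPLE_LOG).items():
        print(f"{ip} blocked until {until.isoformat()}")
```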