Notification failed user login for dialup ipsec connection

Hi ​@Tutek ,

You use the filters in automation stich for specific Dialup tunnel. 
Refer below article: 

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Thanks,
Mayur Padma

Yes, I know that Field Filters can be used, but what fields should be used in this case Xauth field?

When I enter a bad password during a connection then in VPN event log I have this:

User    VPN-Users
Group    N/A
XAUTH User    user01
XAUTH Group    N/A

Action    negotiate
Status    failure
Result    N/A

Log event original timestamp    1780304057778508800
Timezone    +0200
Log ID    0101037121
Type    event
Sub Type    vpn
Alternate User    N/A
Peer Notification    NOT-APPLICABLE
ADVPN Shortcut    0

Hi ​@Tutek ,

Can you check with this filters:

name : "result"
value : "XAUTH authentication failed"

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone
.
Thanks,
Mayur Padma

Hi ​@Tutek ,

I can able to see in my lab the log information about auth failed. Refer below logs : 

Can you check from the same system whether authorized user is able connect to VPN and below logs are generated ? This will confirm, that you  have correct VPN configuration and reachability with FortiGate and logs are getting generated. 

I have configured ikev1 with aggressive mode in lab setup.  Can confirm what is the configuration ? all logs ?

Thanks,

Mayur Padma

I use IKEv2, as the “Result” of bad password entered I have N/A.

My tunnel is working fine if I enter correct password, then I get an connection.

Ok, understood this is not possible. That's seems odd, it's better to monitor failed logins to see if there are any attempted attacks than to monitor successful logins. I hope they'll add that feature in the future.