SSL-VPN (brute force) sign-in attempts are forwarded to RADIUS server, why?

Forum|Forum|1 year ago
January 3, 2025
1 reply
824 views

One of our branch offices is facing a lot of brute force attempts via SSL-VPN.

For some reason, all these (failed) attempts are also forwarded to our RADIUS server (only used for wireless / wired network authentication via a NAC solution). Other branch offices with the same setup do not forward these brute force attempts to the RADIUS server(s). We have tried to compare the full configuration with each other, however do not notice any differences. Are we missing something here?

We are on FortiOS 7.2.10 on this specific branch office.

funkylicious

SuperUser

Hi,

The only thing that I can think of is that your RADIUS server is assigned to a user group ( in Remote groups ) that is also listed in the SSLVPN settings.

"jack of all trades, master of none"

lk3287Author

New Member

Correct, the RADIUS-server is part of a User Group (Type:Firewall) that is referenced in a 'Switch Controller Setting Security Policy 802-1X' policy.

However, I still don't understand why the RADIUS-server is called during SSL-VPN logins (as this RADIUS server is not suppose to handle / has nothing to do with SSL-VPN sign-ins).

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded