Christoph1
New Member
August 16, 2023
Solved

SSL VPN multiple failed logon attempts from TOR IPs

  • August 16, 2023
  • 2 replies
  • 3098 views

Hi guys,

I found many articles that help geo-block IP addresses that try to connect to SSL VPN.
Now we face many attempts out of the TOR network. FortiGate has the TOR_Exit_node as an Internet Service Database entry, and it can also be added as an external connector, but local-in policies can't be configured with either.
Is there a way I'm missing? The FortiGate runs version 7.0.12/6.4.14.



2 replies

adambomb1219
SuperUser
August 16, 2023

Correct, local-in policies (traffic to the FortiGate itself) can't use more advanced objects like this. I have some customers front-end their SSL VPN firewall with a "perimeter" firewall to do just that.


Why not create a list of allowed countries and block all others like here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restricting-SSL-VPN-connectivity-from-certain/ta-p/191997


Also, getting around geo-blocks is trivially easy for an attacker. These types of attempts are better stopped at places like the MFA provider using device posture, etc.

Christoph1
New Member
August 16, 2023

I totally agree with you that geo-blocks are trivial. But I can't understand why Fortinet implemented the geo-block feature in 7.2 (in the GUI) but didn't make it more flexible by using their own features (external connector lists and so on).
Yes, I can install a perimeter firewall in front of the FortiGate that has SSL VPN active, but that's not as easy as configuring the local-in policy.

It seems like there is no way so far. Thank you as well.

Christoph1 (Author, Best answer)
New Member
August 16, 2023

Found a solution. 
SSL VPN Hardening