Created on 10-10-2024 12:09 AM Edited on 12-09-2024 05:46 AM By Jean-Philippe_P
Description | This article explains how to configure an automation stitch whose CLI script action bans a brute-force attacker's IP. |
Scope | FortiGate, SSL VPN. |
Solution |
The below image represents the elements required for this configuration:
Example for the above:
Configure the Action element in the stitch as shown below; the action here is a CLI Script:
The command that places the attacker's IP in the banned list is:
diagnose user banned-ip add src4 %%remip%% 0 admin
To verify the Banned IP list:
diag user banned-ip list
Note: For versions 7.0.x and below the commands are as per below:
diag user quarantine list
diagnose user quarantine add src4 %%remip%% 0 admin
This will not work if the intended objective is to prevent a specific IP from making authentication attempts on SSL VPN. A banned IP only takes effect on traffic passing through FortiGate, that is, real forwarding traffic. Logging in to SSL VPN is local-in traffic, that is, traffic directed to FortiGate itself.
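A dry run of the ban action over exported event logs, added here as an example (not Fortinet's code): it pulls `remip` from failed-login lines and renders the command above for either version branch. The log lines are constructed, and the `action="ssl-login-fail"` match, the failure threshold and the allowlist are assumptions of this example, not settings from the article.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample event-log lines (not from the article). The action= and
# remip= field names are assumed to match the unit's SSL VPN event logs.
SAMPLE_LOGS = """\
date=2024-10-09 time=23:58:01 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="admin"
date=2024-10-09 time=23:58:03 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="root"
date=2024-10-09 time=23:58:04 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="test"
date=2024-10-09 time=23:59:10 type="event" subtype="vpn" action="ssl-login-fail" remip=198.51.100.20 user="alice"
date=2024-10-09 time=23:59:30 type="event" subtype="vpn" action="tunnel-up" remip=198.51.100.20 user="alice"
date=2024-10-09 time=23:59:41 type="event" subtype="vpn" action="ssl-login-fail" remip=192.0.2.10 user="bob"
date=2024-10-09 time=23:59:42 type="event" subtype="vpn" action="ssl-login-fail" remip=192.0.2.10 user="bob"
date=2024-10-09 time=23:59:43 type="event" subtype="vpn" action="ssl-login-fail" remip=192.0.2.10 user="bob"
date=2024-10-09 time=23:59:50 type="event" subtype="vpn" action="ssl-login-fail" remip=2001:db8::5 user="x"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def ban_command(ip, legacy=False):
    """Render the article's command; legacy=True is the 7.0.x-and-below form."""
    table = "quarantine" if legacy else "banned-ip"
    return f"diagnose user {table} add src4 {ip} 0 admin"

def plan_bans(log_text, threshold=3, allowlist=(), legacy=False):
    """Return the ban commands for sources with >= threshold failed logins."""
    failures = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec.get("action") != "ssl-login-fail":
            continue
        try:
            ip = ipaddress.ip_address(rec.get("remip", ""))
        except ValueError:
            continue  # missing or malformed remip: never emit it into a CLI line
        # src4 takes IPv4 only; allowlisted ranges (e.g. admin networks) are skipped
        if ip.version != 4 or any(ip in ipaddress.ip_network(n) for n in allowlist):
            continue
        failures[str(ip)] += 1
    return [ban_command(ip, legacy) for ip, n in sorted(failures.items()) if n >= threshold]

if __name__ == "__main__":
    print("\n".join(plan_bans(SAMPLE_LOGS, allowlist=["192.0.2.0/24"])))
```

Reviewing the planned list before enabling the stitch shows which addresses would land in the banned list, including any legitimate source that should be allowlisted first.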
Related article: Technical Tip: Retain permanent IP bans and quarantines after rebooting FortiGate |