Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
arahman
Staff
Staff

Created on ‎12-26-2024 06:18 AM Edited on ‎12-31-2024 10:12 AM

Article Id 366773

Technical Tip: SSL VPN Brute Force or Multiple Unknown Failed Login Attempt Mitigation Resource List

Description

 

This article describes the resource list in the event there are multiple failed login attempts or Brute force attack on the SSL VPN.

 

Scope

 

FortiGate.

 

Solution

 

The SSL VPN logs show a lot of unknown failed login attempts from unknown IP addresses or countries and sometimes cause blocks to the legitimate user. Multiple options can be implemented on the SSL VPN to strengthen it.

 

Find below the resource list that helps in mitigating Brute Force or Multiple Unknown Failed Login attempts  on SSL VPN

 

Title  Description
FortiGate SSL VPN best practices guide This article describes the common SSL VPN best practices that should be taken into consideration while configuring the SSL VPN on the FortiGate to further strengthen the security.
How to secure and limit an SSL VPN unknown user login  This article describes how to process a brute-force attack on SSL VPN login attempts with random users/unknown users and how to protect from SSL VPN brute-force logins.
How to limit SSL VPN login attempts and block duration

This article describes how to alter the default login-attempt-limit and login-block-time for SSL VPN users.
How to use a Threat Feed with SSL VPN

This article describes how to use a Threat Feed with SSL VPN to block IP addresses with Firewall policy.
Blocking SSL VPN access to malicious IPs belonging to the allowed country list in Geo Block Policies

This article describes how to use a Threat Feed with SSL VPN to block IP addresses from the allowed Geo location with Local-in policy.
Restricting SSL VPN connectivity from certain countries using firewall geography addresses The article describes how to restrict SSL VPN connectivity from unwanted countries
Local-in policy using ISDB as a source address This article describes the use of ISDB objects as a source IP address for local-in policy (applies to FortiOS version 7.4.4 and above).
Prevent Malicious IP addresses from accessing SSL VPN This article describes the usage of ISDB with loopback interface to block known malicious IP addresses in Firewall policy
How to block SSL VPN Connection from a certain source IP Address This article describes how to block certain IP addresses from connecting to SSL VPN, not by using local-in policy, or specific geolocation restrictions.
How to permanently block SSL VPN failed logins using an Automation Stitch This article describes how to make use of an Automation stitch that monitors and adds remote IP addresses of the failed SSL VPN logins to a permanent block list. 
Enhance SSL VPN Security by blocking offenders' IP addresses using FortiAnalyzer Event Handler and A... This article describes the usage of FortiAnalyzer event handlers and FortiGate automation capabilities to block remote IP addresses of SSL-VPN failed login attempt.
How to prevent the SSL VPN web login portal from displaying when SSL VPN web mode is disabled  This article describes how to prevent the SSL VPN web portal from getting displayed to users when SSL VPN web mode is disabled.

 

314
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.