Description: This article describes how to use local-in policies to restrict administrative access from attackers or malicious IPs trying to get into the FortiGate.
Scope: FortiGate.
Solution:
Unauthorized login attempts sometimes come from malicious IPs trying to get into the FortiGate. It is strongly recommended to block logins from those malicious IPs. Below are sample logs indicating brute force attempts from attackers.
Apply a local-in policy to restrict unauthorized attempts on the firewall's administrative access (HTTPS, HTTP, SSH). Local-in policy configuration is only available in the CLI.
config firewall address
config firewall local-in-policy
Once the local-in policy is applied, the attacker from the defined IP/subnet will no longer be able to reach the administrator login prompt.
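The workflow described above, from failed-login logs to a deny policy, as an added example that is not part of the original article. The log lines are constructed, their key=value field names are an assumption about the event log layout, and the interface `wan1`, the `blocked-admin-*` object names and the policy ID are hypothetical.

```python
import re
from collections import Counter
from ipaddress import IPv4Address

# Constructed sample event-log lines (not from the article); field names are assumed.
SAMPLE_LOGS = """\
date=2024-05-01 time=10:00:01 type="event" subtype="system" logdesc="Admin login failed" srcip=203.0.113.45 user="admin" action="login" status="failed"
date=2024-05-01 time=10:00:03 type="event" subtype="system" logdesc="Admin login failed" srcip=203.0.113.45 user="root" action="login" status="failed"
date=2024-05-01 time=10:00:05 type="event" subtype="system" logdesc="Admin login failed" srcip=203.0.113.45 user="test" action="login" status="failed"
date=2024-05-01 time=10:02:00 type="event" subtype="system" logdesc="Admin login failed" srcip=198.51.100.7 user="admin" action="login" status="failed"
date=2024-05-01 time=10:03:00 type="event" subtype="system" logdesc="Admin login successful" srcip=192.0.2.10 user="admin" action="login" status="success"
date=2024-05-01 time=10:04:00 type="event" subtype="system" logdesc="Admin login failed" srcip=not-an-ip user="admin" action="login" status="failed"
"""
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def failed_admin_sources(log_text, threshold=3):
    """Return IPv4 sources with at least `threshold` failed admin logins."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if rec.get("action") == "login" and rec.get("status") == "failed":
            try:
                hits[IPv4Address(rec.get("srcip", ""))] += 1
            except ValueError:
                continue  # missing or malformed srcip must never reach the config
    return [str(ip) for ip in sorted(ip for ip, n in hits.items() if n >= threshold)]

def local_in_config(ips, intf="wan1", policy_id=1):
    """Build CLI text: one /32 address object per IP plus one deny policy."""
    if not ips:
        raise ValueError("no source addresses to block")
    names = [f"blocked-admin-{ip}" for ip in ips]  # hypothetical object names
    out = ["config firewall address"]
    for name, ip in zip(names, ips):
        out += [f'    edit "{name}"', f"        set subnet {ip} 255.255.255.255", "    next"]
    out += ["end", "config firewall local-in-policy", f"    edit {policy_id}",
            f'        set intf "{intf}"',
            "        set srcaddr " + " ".join(f'"{n}"' for n in names),
            '        set dstaddr "all"',
            '        set service "HTTPS" "HTTP" "SSH"',
            '        set schedule "always"',
            "        set action deny",
            "    next", "end"]
    return "\n".join(out)

if __name__ == "__main__":
    print(local_in_config(failed_admin_sources(SAMPLE_LOGS)))
```

Review the generated text before pasting it into the CLI, and confirm that no legitimate administrator address appears in the block list.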
By default, local traffic logs in FortiGate are disabled. To enable local traffic logs, see "Technical Tip: Local traffic logs tab shows no results".
To view local-in policy logs, navigate to Log & Report -> Local Traffic.
Copyright 2024 Fortinet, Inc. All Rights Reserved.