Created on ‎02-05-2024 09:57 PM Edited on ‎11-07-2024 12:12 AM By Jean-Philippe_P
Description | This article describes how to use local-in policies to restrict administrative access from attackers or malicious IPs trying to get into the FortiGate. |
Scope | FortiGate. |
Solution |
There are instances where unauthorized login attempts are coming from malicious IPs trying to get into the FortiGate. It is strongly recommended to restrict the login from those malicious IPs. Below are sample logs indicating brute force attempts from attackers.
To apply a local-in policy to restrict unauthorized attempts on administrative access (HTTPS, HTTP, SSH) of the firewall. local-in policy configuration is only available on the CLI.
config firewall address
config firewall local-in-policy
Once the local-in policy is applied, the attacker from the defined IP/subnet will no longer be able to reach the administrator login prompt.
By default, local traffic logs in FortiGate are disabled. To enable local traffic logs, see Technical Tip: Local traffic logs tab shows no results.
To view local-in policy logs, navigate to Log & Report -> Local Traffic:
To allow login attempts only from the United States or a specific country and block access from the rest of the world, follow this sample script where login is permitted only from IP addresses belonging to the United States.
Ignore the UUI Part in the previous screenshot.
Note: In the script below, the United States Geo-IP address object is named 'US'. Adjust the name in the script to match the address object name if it differs.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.