Exactly as the title says. I have searched the forums and havent found anything that does this. Its either "use the admin lockout settings" or blocks after the first failed attempt, which will create and excess number of trouble tickets from end users if that is the case. I need the automation to check if the ip address has multiple failed attempts before adding the address to the block list.
We do not have a fortianalyzer at this time. Is this possible without one or is a FortiAnalyzer required for this type of automation.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
config vpn ssl settings
set login-attempt-limit 3
set login-block-time 300
end
should do the trick
Will this block the ip address. This is in response to brute force attempts coming from a vast random list of usernames. and as such needs blocked via Ip address permanently after X number of failed attempts from an ip address.
Follow this article which tells how to use automation stitch for admin login. I believe there will be a trigger for ssl-vpn logon fail (article is for admin login fail)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.