Block Ip address After X number of failed SSL-VPN Login attempts from said source IP addr.
Exactly as the title says. I have searched the forums and haven't found anything that does this. It's either "use the admin lockout settings" or blocks after the first failed attempt, which will create an excess number of trouble tickets from end users if that is the case. I need the automation to check if the IP address has multiple failed attempts before adding the address to the block list.
We do not have a FortiAnalyzer at this time. Is this possible without one, or is a FortiAnalyzer required for this type of automation?
config vpn ssl settings
    set login-attempt-limit 3
    set login-block-time 300
end
should do the trick
Will this block the IP address? This is in response to brute-force attempts coming from a vast random list of usernames, and as such needs to be blocked via IP address permanently after X number of failed attempts from an IP address.
Follow this article, which tells how to use an automation stitch for admin login. I believe there will be a trigger for SSL-VPN logon fail (the article is for admin login fail).
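
The check the original question asks for, counting failed SSL-VPN logins per source IP within a time window before anything is put on a block list, shown as an added example (not code from any poster in this thread or from Fortinet). The log lines are constructed, and the `action="ssl-login-fail"` and `remip` field names are assumptions modelled on FortiOS key=value event logs; verify them against your own syslog output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), oldest first.
SAMPLE_LOG = '''\
date=2024-05-01 time=10:00:01 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="admin"
date=2024-05-01 time=10:00:20 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="test"
date=2024-05-01 time=10:00:30 type="event" subtype="vpn" action="ssl-login-fail" remip=198.51.100.20 user="jsmith"
date=2024-05-01 time=10:01:05 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="backup"
date=2024-05-01 time=10:01:40 type="event" subtype="vpn" action="tunnel-up" remip=198.51.100.20 user="jsmith"
date=2024-05-01 time=10:20:00 type="event" subtype="vpn" action="ssl-login-fail" remip=198.51.100.20 user="jsmith"
date=2024-05-01 time=10:22:00 type="event" subtype="vpn" action="ssl-login-fail" remip=198.51.100.20 user="jsmith"
'''

# key=value pairs; values are either "quoted" or a bare token.
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse(line):
    return {k: v.strip('"') for k, v in KV.findall(line)}

def offenders(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {source_ip: [usernames tried]} for every IP that reaches
    `threshold` failed logins inside a sliding `window`."""
    recent = defaultdict(deque)   # ip -> (timestamp, user) of recent failures
    flagged = {}
    for line in lines:
        f = parse(line)
        if f.get("action") != "ssl-login-fail" or "remip" not in f:
            continue              # successes and unrelated events are ignored
        try:
            ts = datetime.strptime(f["date"] + " " + f["time"],
                                   "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue              # malformed line: skip rather than miscount
        ip, q = f["remip"], recent[f["remip"]]
        q.append((ts, f.get("user", "")))
        while ts - q[0][0] > window:
            q.popleft()           # failures older than the window expire
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = sorted({user for _, user in q})
    return flagged

if __name__ == "__main__":
    for ip, users in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the threshold; usernames tried: {users}")
```

The user who mistyped a password twice, twenty minutes apart, stays below the threshold, while the address cycling through usernames is flagged on its third failure.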
