Exactly as the title says. I have searched the forums and haven't found anything that does this. It's either "use the admin lockout settings" or blocks after the first failed attempt, which will create an excess number of trouble tickets from end users if that is the case. I need the automation to check if the IP address has multiple failed attempts before adding the address to the block list.
We do not have a FortiAnalyzer at this time. Is this possible without one, or is a FortiAnalyzer required for this type of automation?
config vpn ssl settings
    set login-attempt-limit 3
    set login-block-time 300
end
Should do the trick.
Will this block the IP address? This is in response to brute force attempts coming from a vast random list of usernames, and as such needs to be blocked via IP address permanently after X number of failed attempts from an IP address.
Follow this article, which tells how to use an automation stitch for admin login. I believe there will be a trigger for SSL-VPN logon fail (the article is for admin login fail).
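The per-IP threshold the original question asks for, sketched as an added example (not code from this thread or from Fortinet): it counts failed SSL-VPN logins per source IP inside a sliding window and returns only the addresses that reach the limit. The log lines are constructed, and the field names `action="ssl-login-fail"` and `remip` are assumptions to check against your own event logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in FortiGate key=value style. The field names
# (action="ssl-login-fail", remip=) are assumptions; verify against real logs.
SAMPLE_LOG = '''\
date=2025-01-10 time=09:00:01 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="admin"
date=2025-01-10 time=09:00:20 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="test"
date=2025-01-10 time=09:00:41 type="event" subtype="vpn" action="ssl-login-fail" remip=198.51.100.9 user="jsmith"
date=2025-01-10 time=09:01:05 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="vpnuser"
date=2025-01-10 time=09:02:00 type="event" subtype="vpn" action="tunnel-up" remip=198.51.100.9 user="jsmith"
date=2025-01-10 time=11:30:00 type="event" subtype="vpn" action="ssl-login-fail" remip=198.51.100.9 user="jsmith"
date=2025-01-10 time=14:00:00 type="event" subtype="vpn" action="ssl-login-fail" remip=198.51.100.9 user="jsmith"
'''

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"date", "time", "remip"}

def parse_line(line):
    """Split one key=value log line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def ips_to_block(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return source IPs with >= threshold failed logins inside one window."""
    recent = defaultdict(deque)   # remip -> timestamps of recent failures
    flagged = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") != "ssl-login-fail" or not REQUIRED <= f.keys():
            continue
        ts = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
        q = recent[f["remip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and f["remip"] not in flagged:
            flagged.append(f["remip"])
    return flagged

if __name__ == "__main__":
    print(ips_to_block(SAMPLE_LOG))
```

In the sample, the address that mistypes a password three times across a working day stays off the list, while the one cycling through usernames within a minute is flagged.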