Hi We have a small Fortigate with SSLVPN for home users. For a few months we have had more and more VPN login attempts. In the past from few IP address. We have blocked this on the firewall. Now we have ~100 attempts per day, always with a different source IP. This floods the log and important events can be missed. Geo-blocking is not an option as the CEO should have access even when on vacation. Can we configure that a denied is only sent for known usernames? Any other ideas?
I'm a little unclear what exactly you're looking for:
- do you want the FortiGate to only generate a log for users it knows?
--> this is not really possible, but you could filter out failed SSLVPN logs
--> those logs would have a specific log ID, and you can set a filter via CLI to exclude those logs
--> most failed SSLVPN logs will not contain a username, as VPN can often fail before authentication is completed successfully, and username information is not applicable due to this
- do you want FortiGate to block/drop connections for anyone except known users?
--> this is not possible because FortiGate will only learn the username after successful authentication, which requires allowing an initial connection.
You could try changing the SSLVPN port - that would require your VPN users to make a minor change on their FortiClients, but should help somewhat, unless the ports of your FortiGate are scanned for some reason and the new VPN port discovered, and FortiGate can be configured with DoS policies to block port scans.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
config firewall addres. edit "Block_SSLVPN" ...config vpn ssl setting. set source-address "Block_SSLVPN" ...dia sniff pack any "host 10.47.2.111 and port 10443" 4. Using Original Sniffing Mode. ... get vpn ssl monitor. SSL-VPN Login Users myfiosgateway.com
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.