Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Block SSLVPN login

We have a small Fortigate with SSLVPN for home users.
For a few months we have had more and more VPN login attempts. In the past they came from a few IP addresses, which we blocked on the firewall. Now we have ~100 attempts per day, always with a different source IP.
This floods the log, and important events can be missed.
Geo-blocking is not an option, as the CEO should have access even when on vacation.
Can we configure it so that a "denied" is only sent for known usernames?
Any other ideas?


Hey Can,

I'm a little unclear what exactly you're looking for:

- do you want the FortiGate to only generate a log for users it knows?

--> this is not really possible, but you could filter out failed SSLVPN logs

--> those logs would have a specific log ID, and you can set a filter via CLI to exclude those logs

--> most failed SSLVPN logs will not contain a username, as VPN can often fail before authentication is completed successfully, and username information is not applicable due to this

- do you want FortiGate to block/drop connections for anyone except known users?

--> this is not possible because FortiGate will only learn the username after successful authentication, which requires allowing an initial connection.


You could try changing the SSLVPN port. That would require your VPN users to make a minor change on their FortiClients, but it should help somewhat, unless the ports of your FortiGate are scanned for some reason and the new VPN port is discovered; FortiGate can also be configured with DoS policies to block port scans.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
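The reply above notes that the FortiGate itself cannot tell a failed login against a real account from a failed login against a guessed one, but that failed SSL-VPN logins carry their own log ID and can be filtered. The same split can be made wherever the logs land (syslog collector, SIEM). The script below is an added example written for this thread, not code from the original post or from Fortinet: it parses constructed key=value lines in the FortiOS event-log style, escalates failures against known usernames (the ones worth a human's attention), rolls up the rest per source IP so they do not flood the view, and lists sources above a threshold as candidates for the firewall address object used to deny SSL-VPN from that source. The log ID 0101039426 and the field names (remip, user, action) are assumptions based on common FortiOS output; confirm them against a real failed-login record from your own unit before relying on them.

```python
import re
from collections import Counter

# Assumed SSL-VPN login-failure log ID; verify it against a real record on your unit.
FAIL_LOGID = "0101039426"

# Usernames that actually exist for SSL-VPN (constructed for this example).
# Failures against these are the ones the question wants surfaced.
KNOWN_USERS = {"ceo", "alice"}

# Constructed sample lines in the FortiOS key=value event-log style; the field
# names remip/user/action are assumed from common FortiOS output, not copied
# from a real device.
SAMPLE_LOGS = """\
date=2024-03-01 time=08:01:10 logid="0101039426" type="event" subtype="vpn" level="alert" action="ssl-login-fail" remip=198.51.100.7 user="admin" msg="SSL user failed to logged in"
date=2024-03-01 time=08:01:15 logid="0101039426" type="event" subtype="vpn" level="alert" action="ssl-login-fail" remip=198.51.100.7 user="test" msg="SSL user failed to logged in"
date=2024-03-01 time=08:02:40 logid="0101039426" type="event" subtype="vpn" level="alert" action="ssl-login-fail" remip=203.0.113.9 user="ceo" msg="SSL user failed to logged in"
date=2024-03-01 time=08:03:02 logid="0101039426" type="event" subtype="vpn" level="alert" action="ssl-login-fail" remip=203.0.113.9 user="ceo" msg="SSL user failed to logged in"
date=2024-03-01 time=08:03:30 logid="0101039424" type="event" subtype="vpn" level="information" action="tunnel-up" remip=192.0.2.44 user="alice" msg="SSL tunnel established"
date=2024-03-01 time=08:04:11 logid="0101039426" type="event" subtype="vpn" level="alert" action="ssl-login-fail" remip=198.51.100.8 user="N/A" msg="SSL user failed to logged in"
"""

# One key=value token: the value is either a double-quoted string (spaces allowed)
# or a run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortios_line(line: str) -> dict:
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def triage(lines, known_users, fail_logid=FAIL_LOGID):
    """Sort failed SSL-VPN logins into three buckets:
    - escalate: failures against a known username (password guessing on a real account)
    - suppressed_by_ip: all other failures, counted per source IP instead of logged one by one
    - ignored: number of lines that are not login failures at all (left for normal logging)
    """
    escalate = []
    suppressed_by_ip = Counter()
    ignored = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_fortios_line(line)
        if rec.get("logid") != fail_logid:
            ignored += 1
            continue
        user = rec.get("user", "N/A")
        remip = rec.get("remip", "unknown")
        if user in known_users:
            escalate.append({"time": rec.get("time"), "user": user, "remip": remip})
        else:
            suppressed_by_ip[remip] += 1
    return {"escalate": escalate, "suppressed_by_ip": suppressed_by_ip, "ignored": ignored}


def noisy_sources(result, threshold):
    """Source IPs with at least `threshold` suppressed failures, sorted: these are
    the candidates for the firewall address object that denies SSL-VPN from them."""
    return sorted(ip for ip, n in result["suppressed_by_ip"].items() if n >= threshold)


if __name__ == "__main__":
    res = triage(SAMPLE_LOGS.splitlines(), KNOWN_USERS)
    for ev in res["escalate"]:
        print(f"ALERT {ev['time']} known user {ev['user']!r} failed from {ev['remip']}")
    for ip, n in res["suppressed_by_ip"].most_common():
        print(f"noise {ip}: {n} failed login(s) against unknown usernames")
    print("block candidates:", noisy_sources(res, threshold=2))
```

Run it as-is to see the constructed sample triaged; in practice, feed it the lines your collector receives from the FortiGate and keep KNOWN_USERS in sync with the SSL-VPN user group. The threshold for block candidates is a judgement call: too low and a user mistyping a password lands on the list, too high and the slow scanners the question describes (a different source per attempt) never reach it, so the per-IP roll-up matters more for readability than for blocking in that case.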
New Contributor

config firewall address
    edit "Block_SSLVPN"
    ...
config vpn ssl settings
    set source-address "Block_SSLVPN"
    ...
dia sniff pack any "host and port 10443" 4
(Using Original Sniffing Mode)
...
get vpn ssl monitor
(SSL-VPN Login Users)

