I have published web server to wan. I am blocking http traffic based on url using web filter. However, this still generates traffic. Is there a way to block a source ip after a number of times a blocked url is requested?
Thanks in advance
Hi Roman. Sounds like you' re doing something similar to what I want to be able to do.
Each day, I see numerous (as in 1000' s) of invalid login attempts on my network through our RemotApp web interface. This is just for staff, not for the public at large. I see this in the security log of the target machine. There are usually a dozen or so IP addresses that these come from each day. I have been noting the IP that the requests are coming from and then I add to policy rule which blocks incoming and outgoing traffic to that IP. This works but requires manual review, and only occurs after the attempts have been running for a while (I have an alert set up on the event log for when an account is locked out from too many invalid login attempts). I know this is not a good way to do this but don' t know how to do it any other way.
Do you see a way to accomplish this? I figure if an IP address is attempting to log in and are unsuccessful after XX attempts, I am OK to permanently block that IP. If it turns out to be a valid user then they can advise me and I' ll remove that one, but at least I won' t have to manually go through the logs after the fact, and the attempts will be halted before they' ve had many attempts.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.