Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Block Sources by origin ISP for VPN - Skimmer bots...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Block Sources by origin ISP for VPN - Skimmer bots locking out accounts.
Is there a way to block sources by their ISP name?
We have an issue with skimmer bots attempting authenticate against our VPN server, constantly locking out accounts that we use. Even though these accounts don't have VPN access, the FortiGate still passes through the login attempt to the DC.
We already have connections geo-blocked, but the geo-block feature is useless now that foreign bots just use a VPN service to tunnel into the U.S. before attacking our firewall.
Grabbing the IP addresses from the logs and running a geo-lookup on them, I found that all of them are coming from different VPN providers.
Blocking these by the ISP name or even whitelisting certain ISPs should fix this issue if it's possible on FortiGates.
I'm using a FortiGate 100E.
Thanks for any help with this.
Labels:
- Labels:
-
Firewall policy
-
FortiGate
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't know a way to achieve exactly what you are looking for but here are some ideas that can be useful:
- SSL VPN is not recommended anymore, so try to migrate to IPsec
- In case you must use SSL VPN, make sure your FG is not at a vulnerable version. Keep it always patched to avoid the known SSL VPN vulnerabilities
- Use a high port for your SSL VPN (above 20000), since scan bots don't scan more than few thousands ports in order to save time and resources
- Use strong passwords and MFA
- Auto-block source IP after 3 unsuccessful attempts
AEK
AEK
Labels
-
FortiGate
10,212 -
FortiClient
2,076 -
FortiManager
864 -
5.2
687 -
FortiAnalyzer
664 -
5.4
638 -
FortiSwitch
564 -
FortiAP
546 -
FortiClient EMS
530 -
6.0
416 -
IPsec
370 -
FortiMail
363 -
5.6
362 -
SSL-VPN
353 -
FortiNAC
260 -
6.2
251 -
Fortiweb
249 -
FortiAuthenticator v5.5
234 -
SD-WAN
178 -
FortiAuthenticator
160 -
FortiGuard
159 -
5.0
152 -
Firewall policy
130 -
6.4
128 -
FortiCloud Products
114 -
FortiGateCloud
113 -
FortiGate-VM
111 -
FortiSIEM
110 -
FortiToken
108 -
Customer Service
108 -
Wireless Controller
95 -
High Availability
82 -
FortiProxy
76 -
ZTNA
70 -
Fortivoice
69 -
Routing
69 -
VLAN
69 -
FortiEDR
68 -
DNS
67 -
FortiADC
65 -
SAML
64 -
BGP
62 -
Authentication
61 -
Certificate
58 -
radius
57 -
FortiSandbox
53 -
FortiExtender
52 -
SSO
52 -
FortiLink
52 -
LDAP
52 -
NAT
50 -
4.0MR3
49 -
Application control
46 -
FortiDNS
43 -
VDOM
41 -
Interface
40 -
Logging
40 -
FortiSwitch v6.4
39 -
FortiGate v5.4
38 -
Virtual IP
38 -
Web profile
37 -
API
36 -
FortiConnect
34 -
FortiWAN
32 -
FortiPAM
32 -
SSL SSH inspection
31 -
FortiConverter
30 -
FortiGate v5.2
27 -
RMA Information and Announcements
27 -
Automation
27 -
Static route
25 -
FortiPortal
24 -
Traffic shaping
24 -
SSID
24 -
FortiSwitch v6.2
23 -
System settings
23 -
FortiGate Cloud
22 -
SNMP
22 -
WAN optimization
21 -
FortiMonitor
20 -
OSPF
19 -
Web application firewall profile
18 -
FortiSOAR
17 -
Admin
17 -
Security profile
17 -
FortiAP profile
17 -
Web rating
17 -
IP address management - IPAM
17 -
FortiDDoS
16 -
FortiCASB
15 -
Proxy policy
15 -
FortiGate v5.0
14 -
IPS signature
14 -
Explicit proxy
13 -
Antivirus profile
13 -
Traffic shaping policy
13 -
Intrusion prevention
13 -
FortiManager v5.0
12 -
FortiManager v4.0
12 -
FortiAnalyzer v5.0
12 -
NAC policy
12 -
Traffic shaping profile
12 -
Port policy
12 -
FortiDeceptor
11 -
FortiRecorder
11 -
Fabric connector
11 -
FortiGate v4.0 MR3
10 -
FortiWeb v5.0
10 -
FortiBridge
10 -
DNS filter
10 -
Trunk
10 -
Users
10 -
Fortinet Engage Partner Program
10 -
FortiCache
9 -
FortiToken Cloud
8 -
Application signature
8 -
Authentication rule and scheme
8 -
Vulnerability Management
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
VoIP profile
7 -
Cloud Management Security
7 -
FortiScan
6 -
FortiDirector
6 -
DLP profile
6 -
DLP sensor
6 -
DoS policy
6 -
FortiCarrier
5 -
FortiAI
5 -
FortiNDR
5 -
FortiTester
5 -
Internet service database
5 -
Email filter profile
5 -
Protocol option
5 -
3.6
4 -
DLP Dictionary
4 -
File filter
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiCWP
3 -
FortiHypervisor
3 -
Kerberos
3 -
Multicast policy
3 -
FortiInsight
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
FortiEdge Cloud
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
Subscription Renewal Policy
1 -
GPRS Tuneling Protocol
1 -
Virtual wire pair
1 -
Lacework
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2428 | |
| 1303 | |
| 778 | |
| 556 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.