Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
pm238
New Contributor

Created on ‎12-04-2019 03:21 AM

Blocking access attempts prior to authentication attempt on 10443 for known bad actors.

Newbie question: I have a client that I monitor who is getting a number of requests from specific TOR exit nodes to the SSLVPN server 10443. There is a small exchange of data each time. Two questions.

 

Is there a way to block this traffic before the authentication attempt starts? Can firewall policy supersede the auth attempt? 

Are there any other best practices around blocking TOR traffic (with regards to this port).

Thanks in advance for any help.

 

pm238

2653
0 Kudos
2 REPLIES 2
ede_pfau
SuperUser
SuperUser

Created on ‎12-04-2019 01:10 PM

Yes, both Local-In policy and DDoS policy are able to block rogue sources.

Alas, not all features available in a regular policy are usable in these, but source address, destination address and port are. YMMV.

Configure Local-In policies in the CLI. I find the GUI feature (after activation) less useful.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
1561
0 Kudos
pm238
New Contributor
In response to ede_pfau

Created on ‎12-06-2019 03:10 AM

Thanks, Ede. This was just what I was looking for. I truly appreciate it.

1561
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.