Newbie question: I have a client that I monitor who is getting a number of requests from specific TOR exit nodes to the SSLVPN server 10443. There is a small exchange of data each time. Two questions.
Is there a way to block this traffic before the authentication attempt starts? Can firewall policy supersede the auth attempt?
Are there any other best practices around blocking TOR traffic (with regards to this port).
Thanks in advance for any help.
pm238
Yes, both Local-In policy and DDoS policy are able to block rogue sources.
Alas, not all features available in a regular policy are usable in these, but source address, destination address and port are. YMMV.
Configure Local-In policies in the CLI. I find the GUI feature (after activation) less useful.
Thanks, Ede. This was just what I was looking for. I truly appreciate it.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.