Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Duy2003
New Contributor III

Brute force attacker username admin

Hi team,
I have configured to disable access http and https on the interfaces, configured trust host on the admin account but still reported brute force log

 

 

 

 

 

8 REPLIES 8
funkylicious
SuperUser
SuperUser

Hi,

Are you seeing them in logs for VPN or System Events ?

"jack of all trades, master of none"
"jack of all trades, master of none"
Duy2003
New Contributor III

Hi @funkylicious ,
I am seeing them in logs for System Events

 

funkylicious

Well, if you disabled http/https for the wan interfaces, maybe they are ssh attempts?

I would advise you to use trusted hosts for all your administrators.

If one user/admin doesn't have trusted hosts enabled/configured , the mgmt ( ssh/http/https ) will still be opened from everywhere and attempts/brute force can be made ( the good part is that even they know the pass for the user that has it configured but the src ip isnt the one in the trustedhosts it cannot be accessed/permitted ), but if for all are configured nothing ( no prompt to enter credentials ) will be made available for them.

Another option would be to use local-in policies, cli configurable only.

"jack of all trades, master of none"
"jack of all trades, master of none"
Duy2003
New Contributor III

Hi @funkylicious 
This is logs content for log system
z5934701097569_f36f6b7ee88f1a2ca99102d1c9b63b0e.jpg

funkylicious

Hi,

Are you using FortiAnalyzer by any chance ?

 

L.E. if so, please have a look at https://community.fortinet.com/t5/FortiAnalyzer/Technical-tip-Admin-login-from-127-0-0-1/ta-p/191892

 

"jack of all trades, master of none"
"jack of all trades, master of none"
Duy2003
New Contributor III

Yes, I use FortiAnalyzer

 

funkylicious

Check the link from above.

"jack of all trades, master of none"
"jack of all trades, master of none"
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors