Hi team,
I have disabled HTTP and HTTPS access on the interfaces and configured trusted hosts on the admin account, but brute force is still reported in the logs.
Hi,
Are you seeing them in logs for VPN or System Events?
Hi @funkylicious,
I am seeing them in logs for System Events.
Created on 10-20-2024 11:49 PM Edited on 10-20-2024 11:51 PM
Well, if you disabled http/https for the wan interfaces, maybe they are ssh attempts?
I would advise you to use trusted hosts for all your administrators.
If one user/admin doesn't have trusted hosts enabled/configured, the mgmt (ssh/http/https) will still be open from everywhere and attempts/brute force can be made (the good part is that even if they know the password for a user that has it configured, if the src IP isn't one in the trusted hosts, access will not be permitted), but if trusted hosts are configured for all admins, nothing (no prompt to enter credentials) will be made available to them.
Another option would be to use local-in policies, which are configurable in the CLI only.
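As an added example (not part of the original thread and not Fortinet tooling): a small Python check that reads a FortiGate configuration backup and lists administrators with no restrictive IPv4 trusted host, the condition the reply above says leaves the management login reachable from everywhere. The sample config is constructed, and the parser assumes the `set trusthostN <ip> <mask>` layout of a backup file; IPv6 trusted hosts are not examined.

```python
import re

# Constructed excerpt of a FortiGate config backup (sample data, not from the thread).
SAMPLE = """\
config system admin
    edit "admin"
        set trusthost1 192.0.2.10 255.255.255.255
        set accprofile "super_admin"
    next
    edit "backup-admin"
        set accprofile "super_admin"
        config gui-dashboard
            edit 1
            next
        end
    next
    edit "auditor"
        set trusthost1 0.0.0.0 0.0.0.0
    next
end
"""

def admins_without_trusted_hosts(config_text):
    """Return admins in 'config system admin' with no restrictive IPv4 trusthost."""
    unrestricted, name, restricted = [], None, False
    in_section, nested = False, 0
    for line in (raw.strip() for raw in config_text.splitlines()):
        if not in_section:
            in_section = line == "config system admin"
        elif line.startswith("config "):
            nested += 1                      # sub-table inside an admin entry
        elif line == "end":
            if nested == 0:
                in_section = False           # end of the admin table
            else:
                nested -= 1
        elif nested == 0 and line.startswith("edit "):
            name, restricted = line[5:].strip().strip('"'), False
        elif nested == 0 and line == "next" and name is not None:
            if not restricted:
                unrestricted.append(name)
            name = None
        elif nested == 0 and (m := re.match(r"set trusthost\d+ (\S+) (\S+)$", line)):
            # 0.0.0.0 0.0.0.0 matches any source, so it does not restrict access
            restricted = restricted or m.groups() != ("0.0.0.0", "0.0.0.0")
    return unrestricted

if __name__ == "__main__":
    print(admins_without_trusted_hosts(SAMPLE))
```

Any name it returns is an account for which the login prompt is still offered to every source address.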
Hi @funkylicious
This is the log content from the system log.
Created on 10-21-2024 01:25 AM Edited on 10-21-2024 01:27 AM
Hi,
Are you using FortiAnalyzer by any chance?
Later edit: if so, please have a look at https://community.fortinet.com/t5/FortiAnalyzer/Technical-tip-Admin-login-from-127-0-0-1/ta-p/191892
Yes, I use FortiAnalyzer.
Check the link from above.
Configure a local-in policy:
https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/363127/local-in-policy
And configure ISDB-based blocking of malicious traffic with a drop action:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Blocking-Potential-threats-over-Internet-s...