I want to protect my server from RDP Brute forces but after enable Security Profiles. I can't access to server anymore.
- Without looking at your policy & Security Profile impossible to say what might have happened.
- Fortigate does not proxy RDP connections so it will not differentiate between successful/failed RDP login attempts to block the brute force flood.
My config is
#####
config firewall policy edit 5 set name "NATING_to_WEBs1" set uuid **** set srcintf "VLAN 401" set dstintf "VLAN 410" set srcaddr "y.y.y.y" set dstaddr "WEBs1toINTERNET" # this object is NAT public : 180.1x.x.x to private 192.168.1.10 set action accept set schedule "always" set service "ALL" set utm-status enable set ips-sensor "default" set logtraffic all next end
#####
IF I try to RDP to 180.1x.x.x when enable ips-sensor, result is fail.
IF I try to RDP to 180.1x.x.x when disable ips-sensor, result is success.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.