Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
patrickwilson82
New Contributor

Daily Fortigate Report Failed Admin logins

Hello, I’m still somewhat new to the network admin world, so forgive me if this a dumb question. On the Daily report my Fortigate sends me, I see quite a few failed admin logins from external IP’s. Is this something to be concerned about? Is there anything I need to look at doing to fine tune my security? Thanks in advance for the help.

1 Solution
makco10
Contributor II

Hello,

 

This means you have someone trying to access to your Fortigate, if you don´t access to the fortigate via WAN/ ISP interface you can disable the http,https,ssh access in your WAN/ ISP Interface.

 

Then you can setup a vpn to safely access to your fortigate.

 

Change and make a strong password, also you can restrict the admin user for only use in a trusted host (only your local network) also you can configure the free fortitoken.

 

Regards.

Defend Your Enterprise Network With Fortigate Next Generation Firewall

View solution in original post

Defend Your Enterprise Network With Fortigate Next Generation Firewall
4 REPLIES 4
makco10
Contributor II

Hello,

 

This means you have someone trying to access to your Fortigate, if you don´t access to the fortigate via WAN/ ISP interface you can disable the http,https,ssh access in your WAN/ ISP Interface.

 

Then you can setup a vpn to safely access to your fortigate.

 

Change and make a strong password, also you can restrict the admin user for only use in a trusted host (only your local network) also you can configure the free fortitoken.

 

Regards.

Defend Your Enterprise Network With Fortigate Next Generation Firewall
Defend Your Enterprise Network With Fortigate Next Generation Firewall
patrickwilson82

Thanks makco10. I set the admin profile to only be able to be accessed by trusted hosts. This seems to have solved my issue. I appreciate the help.

makco10

Excellent.

 

Regards.

Defend Your Enterprise Network With Fortigate Next Generation Firewall
Defend Your Enterprise Network With Fortigate Next Generation Firewall
Nikhil_lavate87
New Contributor

Message meets Alert condition

The following intrusion was observed: TCP.Split.Handshake.

date=2018-10-23 time=18:00:56 devname=FG200D3916815028 devid=FG200D3916815028 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd=root severity=medium srcip=23.234.39.77 srccountry="United States" dstip=172.16.10.38 srcintf="wan1" dstintf="port16" policyid=13 sessionid=71453405 action=detected proto=6 service="ca.vsign.in_http" attack="TCP.Split.Handshake" srcport=13633 dstport=8999 direction=outgoing attackid=26339 profile="all_default" ref="http://www.fortinet.com/ids/VID26339" incidentserialno=257015217 msg="a-ipdf: TCP.Split.Handshake, TCP split handshake at state: ESTABLISHED" crscore=10 crlevel=medium  

Labels
Top Kudoed Authors