Hey Guy's,
I am noticing consistent attempts to log into our device from our wan link (shown by the alert message console widget). I have not been able to figure out how to drill down and look at the IP that is trying to gain access. Any help would be greatly appreciated.
For now I have blocked all telnet and ssh attempts to the wan link and have the https access limited to static public IP's.
Thanks in advance!
Solved! Go to Solution.
Hello,
I think it should be logged under Event log -> System.
See the attached screenshot.
AtiT
Thanks for your help. You are correct I just need to add the 'login' filter.
User | Count |
---|---|
999 | |
832 | |
468 | |
440 | |
136 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.