Have a fortigate 60D which pushes only smtp /https traffic to our email gateway. However seeing quite a lot of authentication failures on our barracuda the email firewall. IPS and AV is enabled for the UTM . Any way to check this out. Cant do block by ip isnce it is random ip on a daily basis. Running firmware 5.0.10
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
if it's pure auth failures you can write a custom signature
http://socpuppet.blogspot.com/2014/07/example-fo-smpauth-protection-fortigate.html
PCNSE
NSE
StrongSwan
Can you spot a trend in the IP addresses by location (global location)? The Fortigates in newer versions support policies by region.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
if it's pure auth failures you can write a custom signature
http://socpuppet.blogspot.com/2014/07/example-fo-smpauth-protection-fortigate.html
PCNSE
NSE
StrongSwan
You might be able to use a DoS policy to drop by source or what I do is have all of my IPS rules setup to ban source IPs for 30 days once triggered. Stops a lot of these guys in there tracks. Make sure you aren't NAT'ing inbound by mistake. I did this once a long time ago and it caused all sorts of problems.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1094 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.