Failed admin authentication attempt
Hi,
I have a Fortigate and in the Dashboard I very often see, in the Alert Message Console, this kind of message:
Failed admin authentication attempt for ...
So I guess that there is someone trying to access the Fortigate management. So I am very worried.
I would like to know where I can see if some of those attempts were successful and if there is something that I could do in order to not let them get into the Fortigate.
Thanks
Hi,
The event log says if a logon attempt was successful.
You should disable any remote management on the interface facing the Internet.
And if you must have them enabled, set a "trusted source ip" on the admin account.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Ok,
Thanks for the quick response.
best regards
Marian
I am seeing the same thing, but for ROOT and for AA. I disable admin from outside my network, but how do you disable root and aa? Who is aa?
Usually that means that you have Admin access allowed on the WAN port (HTTP, HTTPS, telnet or ssh). The villains might try any name but 'root' is quite common. 'aa' stands for Anonymous Addict or Almighty Admin, they've just made it up.
If you HAVE TO have admin access on the WAN port you can
- rename the admin account
- change the service port to >20.000
- restrict the IP (range) allowed to connect
The latter option is often infeasible, the former ones standard.
Ede Kernel panic: Aiee, killing interrupt handler!
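An added example, not part of any post in this thread: one way to answer the original question from an exported event log, counting failed admin logins per source address and flagging successful logins that came from outside the trusted source range. The log lines are constructed, and the key=value field names (`srcip`, `user`, `action`, `status`) are assumptions to check against your own export.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: key=value lines modeled on firewall system event logs.
# Field names (srcip, user, action, status) are assumptions; verify on your unit.
SAMPLE_LOG = """\
date=2024-01-10 time=03:11:02 type="event" subtype="system" user="root" srcip=203.0.113.7 action="login" status="failed"
date=2024-01-10 time=03:11:05 type="event" subtype="system" user="aa" srcip=203.0.113.7 action="login" status="failed"
date=2024-01-10 time=03:11:09 type="event" subtype="system" user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2024-01-10 time=08:30:41 type="event" subtype="system" user="admin" srcip=192.0.2.10 action="login" status="success"
date=2024-01-10 time=09:02:17 type="event" subtype="system" user="admin" srcip=198.51.100.23 action="login" status="failed"
date=2024-01-10 time=09:02:40 type="event" subtype="system" user="admin" srcip=198.51.100.23 action="login" status="success"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def admin_login_report(log_text, trusted_nets):
    """Per source IP: failed count, names tried, successes, and trusted flag."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    report = defaultdict(lambda: {"failed": 0, "users": set(), "success": [], "trusted": False})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("action") != "login" or "srcip" not in ev:
            continue  # not an admin login event
        try:
            ip = ipaddress.ip_address(ev["srcip"])
        except ValueError:
            continue  # malformed address field, skip the line
        entry = report[str(ip)]
        entry["trusted"] = any(ip in n for n in nets)
        entry["users"].add(ev.get("user", "?"))
        if ev.get("status") == "failed":
            entry["failed"] += 1
        elif ev.get("status") == "success":
            entry["success"].append(f'{ev.get("date")} {ev.get("time")} {ev.get("user")}')
    return dict(report)

def needs_review(report):
    """Sources outside the trusted ranges that logged in successfully."""
    return sorted(ip for ip, e in report.items() if e["success"] and not e["trusted"])

if __name__ == "__main__":
    print("review:", needs_review(admin_login_report(SAMPLE_LOG, ["192.0.2.0/24"])))
```

Any address returned by `needs_review` is a successful admin login that a trusted source IP restriction on the account would have refused.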
