Hello. It would be nice to have some sort of logic in the configuration of the SSL-VPN Web Mode such that you could enable an additional authentication method that is used "before" you get to the page where you provide credentials. Maybe something as simple as a password/passphrase, or more sophisticated where an access request could be completed and sent to a designated person or persons. Or, a way to pre-configure access for individuals for a period of time, where they could enter in a username and pass through if a match occurs. This could potentially help to prevent bot/bad actor logon attempts.
Hi @dsbit
Something like this already exists, I mean 2FA/MFA, like add a mobile token for the user.
Thanks, @AEK! In this case I think it's a bit of a different scenario where third-party vendor access is needed on occasion, and we'd want to stop bots from even getting to the point where they have access to the credentials box/control (to make attempts prior to MFA).
Hi @dsbit,
Web mode is not secure and not recommended. When it is enabled, anyone can access it on the browser and enter random credentials. From what I know, the only way to avoid it is to disable web mode and remove the login page as per this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-prevent-the-SSL-VPN-web-login-porta...
Regards,
Thanks @hbac ! Agreed for sure (we use it sparingly). It could definitely be enhanced!
I can think of two possible solutions that may suit you:
Copyright 2024 Fortinet, Inc. All Rights Reserved.