Hello,
how could I set limit for failed logins using Forticlient in SSL Mode.
Now I have such settings:
FGT (settings) # show full-configuration
config vpn ssl settings
set login-attempt-limit 2
set login-block-time 60
but no matter of that I can login how many time I like in forticlient and every time it return me that password is incorrect, then on the 10th time I use correct password and can login - so blocking is not working.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Can you please confirm if you are trying to login from same client IP and login attempts are made within 30 seconds?
Created on 05-08-2023 02:57 AM Edited on 05-08-2023 02:58 AM
Hi @Tutek
You may also look into the below doc. Hope it will help you out.
Limit the count of failed login attempts until the user is banned:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-limit-SSL-VPN-login-attempts-and-bl...
>>Restrict the source IP address area
If your users only need access to the SSL VPN portal from a specific source address or range, you can limit the allowed source addresses to those addresses.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-by-country-or-geolocation/ta-...
Also, please run the below commands in the CLI and then try to connect to VPN, post that logs will be generated, please share me those logs.
diag debug reset
diagnose vpn ssl debug-filter src-addr4
diag debug appl sslvpn -1
diag debug enable
Created on 05-08-2023 03:24 AM Edited on 05-08-2023 03:25 AM
where I could check on CLI or GUI if user is blocked or not?
Yes logins attemps are made in seconds, but I have multiple autoentication methods looks like local account get blocked (don't know how to verify this) and the domain users (radius authentication) are not getting blocked at all.
On GUI under "User and Authentication" > "User Definition"
I have here only status column if this column shows if the user is locked out because of failed logins?
Created on 05-08-2023 03:56 AM Edited on 05-08-2023 03:57 AM
so I can do for local user even five wrong logins from the same laptop the same IP, status for this user on the "User and Authentication" have status "Enabled - so blocking is not working for local users. For domain (radius) users situation is the same.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.