I've been googling this without finding an answer. Is there a mechanism in the Fortigate firewall to block an IP after a certain number of failed ssh attempts on the firewall itself? Something like what fail2ban provides?
I wish to keep ssh access available on the wan IP. I've tried changing the port a few times, but the attackers are using distributed port scans to find the ssh port. I currently block an IP for 6 months after 50 ports have been scanned or an icmp sweep of 8 or more IPs.
The web auth allows timeouts and a number of failed attempts before lockout. Is there any setting like that for SSH? How about only allowing SSH login with keys and no passwords?
I know about trusted hosts and I'd rather not do that if necessary.
Hello,
You can use a private certificate:
https://forum.fortinet.com/tm.aspx?m=151154
Regards.
Maybe I missed it, but I did not see the configuration to disable password ssh auth. I'm currently using SSH keys for myself, but the less advanced users will have a hard time using a ssh key, and I'm not sure I particularly trust them logging in without a password.
So no real way to rate limit the ssh connection attempts. Say after five failed attempts, disable ssh access from that IP for a certain number of minutes.
I think for security reasons it is not possible.
Another option is to change the default port for SSH administrative access, for added security:
config system global
    set admin-ssh-port 2345
end
https://docs.fortinet.com/uploaded/files/3624/fortigate-hardening-your-fortigate-56.pdf
Page 17
Important note: If you change the HTTPS or SSH port numbers, make sure your changes do not conflict with ports used for other services.
Regards.
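Since the thread finds no built-in fail2ban equivalent for SSH on the FortiGate, the usual workaround is to do the counting off-box: send the unit's event log to a syslog host, count failed SSH admin logins per source IP over a sliding window, and push the offenders into an address group that a local-in policy denies. The script below is an added example, not code from the original posts or from Fortinet. The sample log lines are constructed here, and the event field names (`logdesc="Admin login failed"`, `method="ssh"`, `srcip=`) are assumed from the typical shape of FortiOS event logs rather than copied from a device; the address group name `ssh_banned` and the `ban_<ip>` object names are hypothetical.

```python
"""Fail2ban-style counting of failed FortiGate SSH admin logins, run off-box
against the unit's syslog export (added example code, not Fortinet's)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in FortiOS key=value event-log style. Field names are
# assumptions about the log format, not captured from a real FortiGate.
SAMPLE_LOGS = """\
date=2024-03-01 time=08:00:00 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(192.0.2.44)" method="ssh" srcip=192.0.2.44 status="failed" reason="passwd_invalid"
date=2024-03-01 time=08:30:00 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(192.0.2.44)" method="ssh" srcip=192.0.2.44 status="failed" reason="passwd_invalid"
date=2024-03-01 time=09:00:00 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(192.0.2.44)" method="ssh" srcip=192.0.2.44 status="failed" reason="passwd_invalid"
date=2024-03-01 time=09:30:00 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(192.0.2.44)" method="ssh" srcip=192.0.2.44 status="failed" reason="passwd_invalid"
date=2024-03-01 time=10:00:01 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(198.51.100.5)" method="ssh" srcip=198.51.100.5 status="failed" reason="passwd_invalid"
date=2024-03-01 time=10:00:07 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="root" ui="ssh(198.51.100.5)" method="ssh" srcip=198.51.100.5 status="failed" reason="name_invalid"
date=2024-03-01 time=10:00:13 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(198.51.100.5)" method="ssh" srcip=198.51.100.5 status="failed" reason="passwd_invalid"
date=2024-03-01 time=10:00:20 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(198.51.100.5)" method="ssh" srcip=198.51.100.5 status="failed" reason="passwd_invalid"
date=2024-03-01 time=10:00:28 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(198.51.100.5)" method="ssh" srcip=198.51.100.5 status="failed" reason="passwd_invalid"
date=2024-03-01 time=10:01:00 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(203.0.113.9)" method="ssh" srcip=203.0.113.9 status="failed" reason="passwd_invalid"
date=2024-03-01 time=10:02:00 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(203.0.113.9)" method="ssh" srcip=203.0.113.9 status="failed" reason="passwd_invalid"
date=2024-03-01 time=10:03:00 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.9)" method="https" srcip=203.0.113.9 status="failed" reason="passwd_invalid"
date=2024-03-01 time=10:04:00 logid="0100032001" type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="ssh(203.0.113.9)" method="ssh" srcip=203.0.113.9 status="success" reason="none"
date=2024-03-01 time=10:05:00 logid="0100032002" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="ssh(192.0.2.44)" method="ssh" srcip=192.0.2.44 status="failed" reason="passwd_invalid"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_event(line: str) -> dict:
    """Split one key=value log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def failed_ssh_logins(lines):
    """Yield (timestamp, srcip) for each failed SSH admin login event.
    Web/HTTPS failures and successful logins are deliberately ignored."""
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if (ev.get("logdesc") == "Admin login failed"
                and ev.get("method") == "ssh"
                and "srcip" in ev):
            ts = datetime.strptime(f"{ev['date']} {ev['time']}", "%Y-%m-%d %H:%M:%S")
            yield ts, ev["srcip"]


def offenders(lines, threshold=5, window=timedelta(minutes=10)):
    """Return, sorted, the source IPs with at least `threshold` failed SSH
    logins inside any sliding window of length `window` (fail2ban semantics)."""
    by_ip = defaultdict(list)
    for ts, ip in failed_ssh_logins(lines):
        by_ip[ip].append(ts)
    banned = set()
    for ip, times in by_ip.items():
        times.sort()
        j = 0  # right edge of the window; only moves forward
        for i in range(len(times)):
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:  # failures in [times[i], times[i] + window]
                banned.add(ip)
                break
    return sorted(banned)


def ban_cli(ips, group="ssh_banned"):
    """Render FortiOS CLI that creates a /32 address object per offender and
    appends it to an address group. The group name is hypothetical; it is
    assumed to be the source of a deny local-in policy on the WAN interface."""
    out = []
    for ip in ips:
        out += [
            "config firewall address",
            f'    edit "ban_{ip}"',
            f"        set subnet {ip} 255.255.255.255",
            "    next",
            "end",
            "config firewall addrgrp",
            f'    edit "{group}"',
            f'        append member "ban_{ip}"',
            "    next",
            "end",
        ]
    return "\n".join(out)


if __name__ == "__main__":
    hits = offenders(SAMPLE_LOGS.splitlines())
    print("offenders:", hits)
    print(ban_cli(hits))
```

With the defaults (5 failures within 10 minutes) only 198.51.100.5 is flagged: 203.0.113.9 has too few SSH failures and its HTTPS failure is not counted, and 192.0.2.44 has five failures but spread half an hour apart, so no single window ever contains them all. Expiring a ban after a set time would be a second pass that deletes the `ban_<ip>` object again; that, and pushing the CLI over SSH or the REST API, is left out here.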