Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ryushin
New Contributor

Fortigate SSH Brute Force Attacks

I've been googling this without finding an answer.  Is there a mechanism in the Fortigate firewall to block an IP after a certain number of failed ssh attempts on the firewall itself?  Something like what fail2ban provides?

 

I wish to keep ssh access available on the wan IP.  I've tried changing the port a few times, but the attackers are using distributed port scans to find the ssh port.  I currently block an IP for 6 months after 50 ports have been scanned or an icmp sweep of 8 or more IPs.

 

The web auth allows timeouts and number of failed attempts before lockout.  Is there any setting like for for SSH?  How about only allowing SSH login with keys and no passwords?

 

I know about trusted hosts and I'd rather not do that if necessary.

 

3 REPLIES 3
makco10
Contributor II

Hello,

 

You can use a private certificate:

 

https://forum.fortinet.com/tm.aspx?m=151154

 

Regards.

Defend Your Enterprise Network With Fortigate Next Generation Firewall
Defend Your Enterprise Network With Fortigate Next Generation Firewall
Ryushin

Maybe I missed it, but I did not see the configuration to disable password ssh auth.  I'm currently using SSH keys for myself, but the less advanced users will have a hard time using a ssh key, and I'm not sure I particularly trust them logging in without a password.

 

So no real way to rate limit the ssh connection attempts.  Say after five failed attempts, disable ssh access from that IP for a certain number of minutes.

makco10

I think for security reason is not possible.

 

Other option is that you change the default port configurations for SSH administrative access for added security.

 

config system global

set admin—ssh—port 2345

end

 

https://docs.fortinet.com/uploaded/files/3624/fortigate-hardening-your-fortigate-56.pdf

 

Page 17

 

Important note: If you change to the HTTPS or SSH port numbers, make sure your changes do not conflict with ports used for other services.

 

Regards.

 

Defend Your Enterprise Network With Fortigate Next Generation Firewall
Defend Your Enterprise Network With Fortigate Next Generation Firewall
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors