Fortigate VPN ban IPs
Hello,
Is there a fail2ban-like feature in Fortigate? I'm running a VPN server on my 60F and I want it to block all IPs with more than 3 failed login attempts.
Thank you
Labels: FortiGate
3 REPLIES
You can have your VPN terminated on a loopback and set up an IPS profile on the resulting FW policy that would be required.
Cheers,
Graham
Hi,
You don't really need fail2ban, as there is a built-in feature for this in Fortigate:
CLI:
config vpn ssl settings
    set login-attempt-limit [0-10] Default is 2.
    set login-block-time [0-86400] Default is 60 seconds.
end
You can ban the failed login's IP for a duration of up to 24 hours.
Yuri Slobodyanyuk
Thank you
