Hello everyone,
I would like to share with you this my mini guide that I created for own purpose: block unwanted and malicious attempts to connect to our SSL VPN permanently.
Through "Automation" I created a Stitch that get Logs of failed attempts to access the SSL VPN and create an IP Address Group that would be invoked by a Local Policy that deny connections to the SSL VPN.
This system blocks the source IP on the first attempt, and here there was the problem for known users who might run into this automation.
I created a second Stitch that within it invokes a Trigger with a Filter Field on the "known" username ; this creates another IP Address Group that is then invoked by a Local Policy that allows traffic.
Below is my configuration:
These are all the Automations:
First Automation to Block UNKnow User:
The Trigger ( the trigger that takes the Logs ) :
The Action (that create and append the IP in Address Group) :
N.B.: it's a vdom - root
end
config vdom
edit root
config firewall address
edit %%log.remip%%
set color 6
set subnet %%log.remip%%/32
end
config firewall addrgrp
edit AUTOBLK_GRP
append member %%log.remip%%
end
Below is the configuration of the Automation that creates another group but with a Trigger that specifies the user that will be hung in this group and allowed with the other Local Policy.
the Second Group Permit:
end
config vdom
edit root
config firewall address
edit %%log.remip%%
set color 6
set subnet %%log.remip%%/32
end
config firewall addrgrp
edit AUTOPERMIT_GRP
append member %%log.remip%%
end
For more users you have to create more Stitch because you cannot add users in the previous Stitch because Filter Fields have the consequence with AND and not with OR
config firewall local-in-policy
edit 1
set intf "VLAN_7"
set srcaddr "AUTOPERMIT_GRP"
set dstaddr “SSL_VPN_ADDR”
set action accept
set service "HTTPS"
set schedule "always"
next
edit 2
set intf "VLAN_7"
set srcaddr "AUTOBLK_GRP"
set dstaddr “SSL_VPN_ADDR”
set service "HTTPS"
set schedule "always"
next
end
I hope you enjoyed the guide and if you have ideas on how to avoid creating more Automation to add more users it would be helpful to know.
Enjoy
Fabio
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
229 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.