Hi all,
I m trying to achieve one thing:
We find many SSH access to our Fortigate.
But for some reason, we can not use manual local policy or Trust hosts to prevent those attacks.
We have a FAZ and it seems the Playbook might work for this case.
We would like to :
1. When the FAZ finds the FGT event login failed more than 3 three times, create an object for that attacker Ip.
2. Fortigate put that object to a Firewall and both local policy for blocking
Can any one show me few samples if we can achieve it this way?
Thanks in advance!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Potato,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello again Potato,
I talked to one of our engineers, and it unfortunately sounds like what you're thinking of is not currently possible. Because FortiAnalyzer as intended a logging tool, it cannot directly affect policies in FortiGate. As a result, FortiGate policies cannot be created/altered when playbook events are triggered in FortiAnalyzer.
I'm sorry we couldn't help more. Feel free to reach out if you have any further questions.
Kind regards,
You may try a python script similar to the one in following discusssion - https://community.fortinet.com/t5/Support-Forum/Automation-SSL-VPN-login-fail-event-gt-Ban-IP/m-p/25...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1673 | |
1083 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.