Are you using MFA? There are also some device posture checks built into FortiGate to ensure the device meets criteria for your organization. What version of FortiOS are you running? You can also look at FortiNAC to control device posture before providing VPN access.
Do you mean the SSL webpage itself? If so, then frontend the SSL VPN page with a WAF.
It's a bit tricky to protect a VPN gateway from the internet - the whole point is that your VPN users can access the gateway from anywhere, essentially. That being said, you can do a few things to protect the gateway:
- put a Web Application Firewall in front, as suggested by Adam
- create local-in policies on FortiGate to block certain source addresses/IP blocks (like IP ranges associated with specific geographic locations)
- in the SSLVPN settings, limit access to specific source IPs:
-> this would only be an option if you know the IPs your users will connect with, or at least a broader range your users will utilize
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
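The local-in policy and SSL VPN source restriction described in the post above, sketched as FortiOS CLI. This is an added example, not part of the original post; the object names, the `wan1` interface, port 10443, the `ZZ` country placeholder and the 203.0.113.0/24 range are all assumptions to replace with your own values.

```fortios
# Added example: every name, port and range below is a constructed placeholder.

# 1) Block list: deny SSL VPN traffic from a geographic range at the gateway itself.
config firewall address
    edit "geo-block-example"
        set type geography
        # Placeholder: replace ZZ with the two-letter country code to block
        set country "ZZ"
    next
end
config firewall service custom
    edit "sslvpn-port-example"
        # Assumed SSL VPN listening port; match your own setting
        set tcp-portrange 10443
    next
end
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "geo-block-example"
        set dstaddr "all"
        set service "sslvpn-port-example"
        set schedule "always"
        set action deny
    next
end

# 2) Allow list: only usable when the users' source range is known in advance.
config firewall address
    edit "vpn-allowed-src-example"
        # Documentation range standing in for a known office or ISP block
        set subnet 203.0.113.0 255.255.255.0
    next
end
config vpn ssl settings
    set source-address "vpn-allowed-src-example"
end
```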
I heard that some organizations put some kind of proxy (server or appliance + YubiKey, I don't know exactly) before the VPN. So my understanding was that the user first authenticates with the proxy, then with the VPN. It looks like a layered model of authentication. Did you hear about something like this?