Hello,
Over the last 2 weeks our Fortigate 80C as been detecting failed attempts to login as an administrator from some IP address in China. An example message:
The following critical firewall event was detected: Critical Event.
date=2013-09-11 time=22:11:14 devname=vpn devid=FGT80C3909609079 logid=0100032002 type=event subtype=system level=alert user=" admin" ui=ssh(121.134.21.116) action=login status=failed reason=" passwd_invalid" msg=" Administrator admin login failed from ssh(121.134.21.116) because of invalid password
It' s always from the same IP address. Is there something I can do to block attempts from this IP address?
Thanks