Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

SSH Attack on Fortigate

Morning all... I manage a fortigate that some one is trying to login in to Via SSH this is the event I get Message meets Alert condition The following critical firewall event was detected: Critical Event. 2008-04-09 02:40:34 device_id=FGT-********* log_id=0104032002 type=event subtype=admin pri=alert vd=root user=" test" ui=ssh(***.***.***.***) action=login status=failed reason=" name_invalid" msg=" Administrator test login failed from ssh(***.***.***.***) because of invalid user name" How do I stop this... I know the obvious answer is to take SSH off of the WAN1 port...but I have a Fortimanager at a different location and that is how they Communicate VIA SSH. I tried to create a policy that basically said only allow ssh access from My Fortianalyzer. I thought about just blocking the IP, but everyday the attack comes from a different IP. Any Ideas?? for now I just disable ssh on WAN1 for a Temp fix.
3 REPLIES 3
rwpatterson
Valued Contributor III

You could build a tunnel between the two sites, and then use the IP on the inside interface for the Fortimanager. This would obsolete the need to keep ssh open to the outside world.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
abelio
SuperUser
SuperUser

Administrative access to your FTG box it' s not controlled for your WAN->internal firewall policies. To control from where your FTGbox you or somebody can access (SSH, HTTPS, PING or whatever), restrict " Trusted Hosts" (System->Admin->Administrators menu)

regards




/ Abel

regards / Abel
Not applicable

Thanks for the ideas guys!!!!
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors