Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jinto26
New Contributor

Created on ‎07-23-2022 04:08 AM

SSL VPN Logging & Brute Force Attacks

Hey everyone, I have a customer who is constantly being attacked on our SSL VPN interface. I enabled block policies after 3 failed attempts and they get blocked for 6 months. It worked well for a little while but now they are using spoofing to change their IP every attempt. So rendering my blocking useless. I wouldn't care so much but I am constantly getting failed login attempt alerts emails now. Super annoying. I've gotten 5 since I've started writing this. Anyway, anyone see any way that I could stop this from happening? I would like to keep the logging on as its useful for me but I am thinking about just turning it off completely as this point.

192.168.0.1 router login 192.168.l.l
Labels:
2693
3 REPLIES 3
BK_Bianko
New Contributor

Created on ‎07-24-2022 02:57 AM

Just to say that we have been experiencing the same for more than one month. Dozens alerts each hour. It's really annoying.

 

Francesco

2652
0 Kudos
subramanis
Staff
Staff

Created on ‎07-24-2022 09:01 AM Edited on ‎07-24-2022 09:14 AM

Hi BK_Bianko/jinto26,

Thank you for contacting Fortinet Forum

 

I think this might resolve your problem, Please check the below document

 

Restrict access to the SSLVPN service from expected country https://kb.fortinet.com/kb/documentLink.do?externalID=FD48235#:~:text=Go%20to%20VPN%20%2D%3E%20SSL%2....


Along with the limitation of the connections from abroad, you might follow this KB https://kb.fortinet.com/kb/documentLink.do?externalID=FD48714 and configure SSLVPN login limits along with the blocking duration of incorrectly entered credentials.


To hide FortiGate login page using local-in-policy https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-hide-FortiGate-login-page-using-loc...


Thanks
Sasikumar.S

2645
rreinsch
New Contributor
In response to subramanis

Created on ‎09-15-2022 11:35 AM

Restrict access to the SSLVPN service from expected country worked like a charm. Can't believe I didn't think of that.  Thanks!

1809
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.