Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

SSL VPN Logging & Brute Force Attacks

Hey everyone, I have a customer who is constantly being attacked on our SSL VPN interface. I enabled block policies after 3 failed attempts and they get blocked for 6 months. It worked well for a little while but now they are using spoofing to change their IP every attempt. So rendering my blocking useless. I wouldn't care so much but I am constantly getting failed login attempt alerts emails now. Super annoying. I've gotten 5 since I've started writing this. Anyway, anyone see any way that I could stop this from happening? I would like to keep the logging on as its useful for me but I am thinking about just turning it off completely as this point.

New Contributor

Just to say that we have been experiencing the same for more than one month. Dozens alerts each hour. It's really annoying.




Hi BK_Bianko/jinto26,

Thank you for contacting Fortinet Forum


I think this might resolve your problem, Please check the below document


Restrict access to the SSLVPN service from expected country

Along with the limitation of the connections from abroad, you might follow this KB and configure SSLVPN login limits along with the blocking duration of incorrectly entered credentials.

To hide FortiGate login page using local-in-policy



Restrict access to the SSLVPN service from expected country worked like a charm. Can't believe I didn't think of that.  Thanks!