Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Christoph1
New Contributor II

SSL VPN multiple failed logon attempts from TOR IPs

Hi guys,

I found many articles that help geo-block IP Addresses that try to connect on SSL VPN.
Now we face many attempts out of the TOR network. Fortigate has the TOR_Exit_node as an Internet Service Database, and it can also be added as external Connector, but local in Policies can't be configured with either.
Is there a way I miss? Fortigate has version 7.0.12/6.4.14.


1 Solution
Christoph1
New Contributor II

3 REPLIES 3
adambomb1219
SuperUser
SuperUser

Correct, local-in policies (traffic to the FortiGate itself) can't use more advanced objects like this.  I have some customers front-end their SSL VPN firewall with a "perimeter" firewall to do just that.

 

Why not create a list of allowed countries and block all others like here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restricting-SSL-VPN-connectivity-from-cert...

 

Also getting around geo-blocks is trivially easy for an attacker.  These type of attempts are better stopped at places like the MFA provider using device posture, etc.

Christoph1

I totally agree with you that geo-blocks are trivial. But I can't understand why Fortinet implement geo-blocks feature in 7.2 (GUI implement) but don't make it more flexible like use their own features (external connector lists and so on).
Yes, I can install a perimeter firewall in front of the fortigate that has SSL VPN active, but that's not as easy as configure the local in policy.

It seems like there is no way so far. Thank you as well.

Christoph1
New Contributor II

Found a solution. 
SSL VPN Hardening 


Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors