SSL VPN multiple failed logon attempts from TOR IPs
I found many articles that help geo-block IP addresses that try to connect on SSL VPN. Now we face many attempts out of the TOR network. FortiGate has the TOR_Exit_node as an Internet Service Database, and it can also be added as an external connector, but local-in policies can't be configured with either. Is there a way I am missing? The FortiGate has version 7.0.12/6.4.14.
Correct, local-in policies (traffic to the FortiGate itself) can't use more advanced objects like this. I have some customers front-end their SSL VPN firewall with a "perimeter" firewall to do just that.
I totally agree with you that geo-blocks are trivial. But I can't understand why Fortinet implemented the geo-block feature in 7.2 (GUI implementation) but didn't make it more flexible, such as using their own features (external connector lists and so on). Yes, I can install a perimeter firewall in front of the FortiGate that has SSL VPN active, but that's not as easy as configuring the local-in policy.
It seems like there is no way so far. Thank you as well.