Created on 10-16-2024 02:17 PM
Hello,
I am seeing constant alerts on my Fortigate under sslvpn events "sslvpn login failed"
This is not coming from the authorized users. Is there anything that can be done on it.
Thanks
Solved! Go to Solution.
Created on 10-16-2024 02:18 PM
Hello @sam653
You can refer to following resource:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-SSL-VPN-best-practices-guide/ta-...
This will walk you over the steps to strengthen the SSL VPN
View solution in original post
Created on 10-16-2024 02:24 PM
Hello @sam653 In addition to the above given document, Kindly also refer to the following document which explains how to secure and limit an SSL VPN unknown user loginhttps://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-secure-and-limit-an-SSL-VPN-unknown...Thanks and Regards,Harmandeep Kaur Jhajj
Created on 10-16-2024 02:38 PM
Greetings @sam653
You can also configure an automation stitch in order to permanently block failed login attempts:https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-permanently-block-SSL-VPN-failed-lo...
Created on 10-17-2024 02:17 PM
One other option to block these attempts is via local in policy.
With local in policy the attempt is blocked before any processing is done by fortigate so this will not generate any logs.
Here is an article with more information on this:
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/363127/local-in-policies
You can use geo location address object in source if the attempts are coming from specific countries:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-by-country-or-geolocation/ta-...
Regards,
Varun
Created on 10-17-2024 02:28 PM
Try to use ZTNA rather than sslvpn as this is more secure as per:
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/194961/basic-ztna-configuration
Hope this help
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
