Hello,
I am seeing constant alerts on my FortiGate under SSL VPN events: "sslvpn login failed".
These are not coming from the authorized users. Is there anything that can be done about it?
Thanks
Hello @sam653
You can refer to the following resource:
This will walk you through the steps to strengthen the SSL VPN.
Hello @sam653
In addition to the document given above, kindly also refer to the following document, which explains how to secure and limit an SSL VPN unknown user login:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-secure-and-limit-an-SSL-VPN-unknown...
Thanks and Regards,
Harmandeep Kaur Jhajj
Greetings @sam653
You can also configure an automation stitch in order to permanently block failed login attempts:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-permanently-block-SSL-VPN-failed-lo...
Hello @sam653
One other option to block these attempts is via a local-in policy.
With a local-in policy the attempt is blocked before any processing is done by the FortiGate, so this will not generate any logs.
Here is an article with more information on this:
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/363127/local-in-policies
You can use geo location address object in source if the attempts are coming from specific countries:
Regards,
Varun
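A local-in policy of the kind described in the reply above, as an added example that is not part of the original post. The interface name `wan1`, the listener port `10443`, the object names and the country code `XX` are placeholders chosen for illustration; substitute the values from your own SSL VPN settings.

```fortios
# Added example (FortiOS CLI). All names and values below are assumptions.

# Geography address object for the country the failed logins come from.
config firewall address
    edit "Geo-Block-XX"
        set type geography
        # Placeholder: replace XX with the two-letter country code.
        set country "XX"
    next
end

# Custom service that matches only the SSL VPN listener port.
config firewall service custom
    edit "SSLVPN-Listener"
        # Placeholder port: use the port set under the SSL VPN settings.
        set tcp-portrange 10443
    next
end

# Deny traffic from that country to the SSL VPN port on the WAN interface.
# Scoping the service to the listener port leaves other traffic to the
# FortiGate itself (for example administrative access) unaffected.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "Geo-Block-XX"
        set dstaddr "all"
        set service "SSLVPN-Listener"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

Confirm that no authorized user connects from the blocked country before enabling the policy.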
Try to use ZTNA rather than SSL VPN, as this is more secure as per:
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/194961/basic-ztna-configuration
Hope this helps