- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Setting up Automation Stitch for SSL VPN Login failed
Hi
We have a case where we need to block IP of SSL VPN login fail for an amount of attempts within like 5-10minutes repeated attempts using automation stitch.
We already have the FortiAnalyzer and Fortigate Setup. The only problem we have is that the FortiAnalyzer is giving the wrong value in the $remip variable in the FortiGate Event Handler
An example of IP 192.168.1.1 becomes 192.168.1.1,,
With two commas in which the FortiGate CLI does not accept
What possible solution will be able to be done to get the IP without commas or sanitize the string in the CLI script?
Or make sure that FortiAnalyzer is giving the correct IP format?
- Labels:
-
FortiAnalyzer
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
You don't need automation stitch for that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
This is only limiting the duration of each attempt. Our desired goal is to permanently block these IP if they violate our conditions, and manually validate if they are coming from a valid IP user.
FortiAnalyzer is already able to fetch the remote IP. And Fortigate is able to get that using EventHandler, the IP just need to be properly formatted.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi maplesyrup,
How did you manage to block the IP address that made, for example, 3 incorrect attempts at a certain interval, using automation stitching? I found an automation configuration as follows, but it blocks the IP on the first incorrect attempt.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sounds like a bug in FortiAnalyzer. Have you reported it?
