Hey folks,
My logs have been getting filled up for a long time. We have email-based two-factor authentication on, but this situation still scares me. Our firewall is accessible from its external IP, and it seems folks are trying to use SSH. What should I tell you about what I see in the logs, and what can I do to remedy this?
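An added example, not part of the original post or any reply, of the log triage that answers the question above. It parses FortiGate admin-login event lines (the key=value format FortiOS writes; the sample uses logid 0100032002 for a failed and 0100032001 for a successful admin login, but the code keys on the action and status fields, not on the log ID) and reports, per source IP, how many failures there were, which usernames were tried and over which protocol, and flags any successful login from outside a management network. The log lines, IPs and the 10.0.0.0/8 "trusted" range are constructed for the example; field names follow the FortiOS event-log convention.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample of FortiGate admin-login event lines. IPs, timestamps and
# counts are invented; only the field names follow FortiOS conventions.
SAMPLE_LOGS = """\
date=2024-05-01 time=02:14:07 logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" user="admin" ui="ssh(203.0.113.10)" method="ssh" srcip=203.0.113.10 dstip=198.51.100.2 action="login" status="failed" reason="passwd_invalid" msg="Administrator admin login failed from ssh(203.0.113.10) because of invalid password"
date=2024-05-01 time=02:14:09 logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" user="root" ui="ssh(203.0.113.10)" method="ssh" srcip=203.0.113.10 dstip=198.51.100.2 action="login" status="failed" reason="name_invalid" msg="Administrator root login failed from ssh(203.0.113.10) because of invalid user name"
date=2024-05-01 time=02:14:12 logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" user="ubnt" ui="ssh(203.0.113.10)" method="ssh" srcip=203.0.113.10 dstip=198.51.100.2 action="login" status="failed" reason="name_invalid" msg="Administrator ubnt login failed from ssh(203.0.113.10) because of invalid user name"
date=2024-05-01 time=02:20:41 logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" user="admin" ui="https(198.51.100.77)" method="https" srcip=198.51.100.77 dstip=198.51.100.2 action="login" status="failed" reason="passwd_invalid" msg="Administrator admin login failed from https(198.51.100.77) because of invalid password"
date=2024-05-01 time=08:01:03 logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="admin" ui="https(10.0.0.5)" method="https" srcip=10.0.0.5 dstip=10.0.0.1 action="login" status="success" reason="none" msg="Administrator admin logged in successfully from https(10.0.0.5)"
date=2024-05-01 time=03:30:55 logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="admin" ui="ssh(203.0.113.10)" method="ssh" srcip=203.0.113.10 dstip=198.51.100.2 action="login" status="success" reason="none" msg="Administrator admin logged in successfully from ssh(203.0.113.10)"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Networks from which admin logins are expected (assumption for the example;
# set to your own LAN / jumphost ranges).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_line(line):
    """Turn one FortiOS key=value log line into a dict, quotes stripped."""
    fields = {}
    for key, val in KV_RE.findall(line):
        fields[key] = val[1:-1] if val.startswith('"') else val
    return fields


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def triage(log_text, threshold=3):
    """Summarise admin login events from raw log text.

    failures_by_src   failed-login count per source IP
    users_by_src      usernames each source tried (sorted)
    methods_by_src    protocols each source used (sorted)
    brute_force_srcs  sources with >= threshold failures, worst first
    untrusted_success successful logins from outside TRUSTED_NETS; these are
                      the events that should trigger incident response
    """
    failures = Counter()
    users = defaultdict(set)
    methods = defaultdict(set)
    untrusted_success = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev.get("action") != "login" or "srcip" not in ev:
            continue
        src = ev["srcip"]
        if ev.get("status") == "failed":
            failures[src] += 1
            users[src].add(ev.get("user", "?"))
            methods[src].add(ev.get("method", "?"))
        elif ev.get("status") == "success" and not is_trusted(src):
            untrusted_success.append(
                (src, ev.get("user"), ev.get("method"), ev.get("date"), ev.get("time"))
            )
    brute = [(src, n) for src, n in failures.most_common() if n >= threshold]
    return {
        "failures_by_src": dict(failures),
        "users_by_src": {s: sorted(u) for s, u in users.items()},
        "methods_by_src": {s: sorted(m) for s, m in methods.items()},
        "brute_force_srcs": brute,
        "untrusted_success": untrusted_success,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOGS)
    for src, n in report["brute_force_srcs"]:
        print(f"{src}: {n} failed admin logins, users {report['users_by_src'][src]}, "
              f"via {report['methods_by_src'][src]}")
    for src, user, method, d, t in report["untrusted_success"]:
        print(f"ALERT: successful {method} login as {user} from untrusted {src} at {d} {t}")
```

The per-source counts and username lists are what is worth reporting in a thread like this; a successful login from an address that is also on the brute-force list, as in the last sample line, is the case that turns a noisy log into an incident.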
Hi @ritterm ,
do you need access to your firewall from outside? If yes, then I would suggest:
1) Make the admin account passwords stronger.
2) Optionally disable the default admin account and create another super-admin account with 2FA;
3) Change the default SSH port, as well as the HTTPS GUI port;
4) Optionally configure trusted hosts;
5) Provide access to the FGT from a terminal server or jumphost inside your local network.
Opening an edge firewall's admin ports to the internet is a no-go!
If you want to manage the FGT remotely, create a dial-up IPsec VPN. If really needed, you could restrict access to a limited IP range, or country, via a local-in policy.
How do you restrict access by country or with a local-in policy?
You have to create an address object of type Geography and select the country, as described here. Then, from the CLI, you can use this as the source for a local-in policy:
config firewall local-in-policy
    edit 1
        set srcaddr "Atlas_IP"
    next
end
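The hardening list earlier in the thread (stronger passwords, non-default ports, trusted hosts) and the geography-based local-in policy above, put together as one FortiOS CLI example. This is an added example, not configuration from any of the replies. It assumes the WAN interface is named "wan1", the management LAN is 10.0.0.0/24, a second fixed admin source is 203.0.113.5, SSH and HTTPS management move to 2222 and 8443, and the "Atlas_IP" geography object covers country code "DE"; change all of these to match your environment.

```fortios
# 1. Trusted hosts: the admin account accepts logins only from these sources,
#    regardless of which interface the packet arrives on.
config system admin
    edit "admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set trusthost2 203.0.113.5 255.255.255.255
    next
end

# 2. Move management off the default ports and lock the account after
#    repeated failures (3 bad passwords -> 10 minute lockout).
config system global
    set admin-ssh-port 2222
    set admin-sport 8443
    set admin-lockout-threshold 3
    set admin-lockout-duration 600
end

# 3. The built-in "SSH" and "HTTPS" service objects match ports 22 and 443,
#    so after step 2 a custom service is needed to match the moved ports.
config firewall service custom
    edit "ADMIN-MGMT"
        set tcp-portrange 2222 8443
    next
end

# 4. Geography address object (what the GUI creates as Type: Geography).
config firewall address
    edit "Atlas_IP"
        set type geography
        set country "DE"
    next
end

# 5. Local-in policies are evaluated top-down: allow the management ports
#    from the chosen country on the WAN interface, then deny them from
#    everyone else arriving on that interface.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "Atlas_IP"
        set dstaddr "all"
        set service "ADMIN-MGMT"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ADMIN-MGMT"
        set schedule "always"
        set action deny
    next
end
```

Apply this from the console or from the LAN side, not over the WAN session you are about to restrict, because the port change in step 2 drops the current session and a wrong country or trusted-host entry locks you out. Trusted hosts and local-in policies are both enforced, so the effective rule is the intersection: the source must be in the geography object and in a trusthost entry. The geography match is only as good as the unit's geo-IP database, so keep it updated, and treat the country restriction as a way to cut log noise rather than as authentication; the VPN or jumphost approach from the earlier reply remains the better answer.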
Hi,
You may restrict HTTPS access to your FortiGate to a specific country by referring to the KB below:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-HTTPS-access-from-certain-countri...
BR,
Manosh
Copyright 2024 Fortinet, Inc. All Rights Reserved.