Good day friends.
due to constant news about large scale brute force campaigns targeting SSH devices targeting cisco, fortinet, checkpoint devices. What recommendations could be provided for FortiGate equipment?
Same as any other vendor. Do not enable admin access from the outside. Use certificate based authentication, SAML, MFA, etc.
As mentioned brute force attack is coming for Tor then you can deny all incoming connections from Internet service Tor-Exit.Node ( don't forget to check match-vip is enabled on deny policy).
Hi @unknown1020,
Please refer to https://docs.fortinet.com/document/fortigate/7.4.0/best-practices/555436/hardening
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.