Getting logs in system event in FortiGate about "Admin login failed" and showing ip of the (Server connected to the internal network) as the source ip what to do? Is disabling SSH will work for it. or SNMP will work. Please suggest what solution we can do?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
source - 192.168.1.5 is the source that is trying to loging to Fortigate. Please check why this source is logging and also all the login failed. so may be some script or tools using wrong password.
This means that some program or human is trying to login to firewall from that particular server.
1> Check which program or person trying login ?
2> Verify if he is using correct credentials ?
3> If you don't want to login to the firewall from that server, Add trusted host configuration under the admin users.
For more details about trusted host and configuring security for admin users, visit the below link.
Created on 09-03-2024 11:23 PM Edited on 09-03-2024 11:24 PM
Hi rosatechnocrat,
Its showing only Server ip as source IP unable to capture any user IP logs
source - 192.168.1.5 is the source that is trying to loging to Fortigate. Please check why this source is logging and also all the login failed. so may be some script or tools using wrong password.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.