If you add your address object that contains each of your banned IP or
Geo locations and apply the address object to your local-in-policy,
banning IP addresses does work (as long as the attacker doesn't change
IPs). Here is what I use on WAN1, WAN2, an...
These are all standard best practices and have been implemented on all
of our customers' firewalls. Again, the port number makes no difference
to a bot. Our typical block list contains 88 elements (38 class C or
greater ranges in the US - mostly dat...
Bots don't care about the port number. We run the port in the 10K range
and it gets probed a lot, daily. The SSLVPN login page is an HTTP-based
page. The point here is that you cannot disable the web GUI page for
SSLVPN so even if you remove HTTP(S) a...
I am using local-in-policies and have three interfaces to protect, WAN1,
WAN2, and the SSLVPN port. (SSLVPN isn't really an interface but needs
to be called out specifically from what I have seen.) I still see bots
attempting to log in at a very slow ...
What about the SSL VPN web interface? You can't disable that on the WAN
interface when it's required to establish remote connections. pszewczyk
is correct, FortiGate needs to include a way to auto-ban bad login
attempts over long periods of time...sa...