Over the past year, the amount of low and slow botnet authentications to
numerous end-customer SSL VPN portals has been increasing. This is where
the attacks do not trip the native brute force measures in a FortiGate
and the wave of attacks comes in ...
Appreciate your feedback! We are using the FortiGate Automation feature
to test failed logins for specific/generic usernames that the botnets
tend to lead with, add those attempts IPs to a well crafted IP address
object and address group we name 'SSL...
We already have the SSL VPN portal more locked down than your local-in
example. We use as I mentioned the method of pinning the SSL VPN
services to a loopback IP, then use NAT firewall policies to protect the
service with DOS, IPS, Geo blocking, IP R...
