andrewm568
New Contributor

Blocking users/IPs after failed auth attempts

When using SSL VPN with local user IDs, is there a way to block authentication attempts after multiple failures within a configurable time, e.g. from the same IP or the same user ID? I do see suitable configuration items in the USER SETTING CLI (e.g. auth-invalid-max), but they don't seem to make any difference for me with SSL VPN. Maybe they're only for firewall policies? This is 4.0 MR3.
Fullmoon
Contributor III

I don't think there is a workaround for that. By default configuration of SSL VPN, if the user attempts to log in to SSL VPN using a mismatched username and password 3 times, the FortiGate will automatically display a message along the lines of "Too many bad login attempts. Please try again in a few minutes."

Fortigate Newbie
andrewm568
New Contributor

Yeah, that's exactly what I'm seeing. It'd be nice if the "default" could be changed!
StefanK
New Contributor

For admins it should be changeable, though I have never done so before. Take a look at your version's CLI reference guide, and also at your config under "config system global", where there are "admin-lockout-duration" and "admin-lockout-threshold". Maybe this'll work, but I'm only guessing because of the displayed error, which is the same one I'm getting without my morning pot of coffee, when my fingers don't agree with my head.
andrewm568
New Contributor

Thanks, my fingers never agree with my head! I just tried changing those params, but it made no difference at the SSL VPN portal. But you're right that those default values (3 attempts, around 60 seconds lockout) are the same as what I'm experiencing through the portal.
lmuir
New Contributor

There appears to be a "config user setting" -> "auth-blackout-time" which, according to the CLI guide: "When a firewall authentication attempt fails 5 times within one minute, the IP address that is the source of the authentication attempts is denied access for the <blackout_time_int> period in seconds. The range is 0 to 3600 seconds." Might work?
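To make the rule quoted from the CLI guide concrete, here is an added example (not code from the thread or from Fortinet) that models the per-source blackout semantics in plain Python: five failures from one source IP within a 60-second window put that IP into a blackout for a configurable number of seconds, and attempts during the blackout are denied regardless of credentials. The class and function names, the log format and the log lines are all constructed for the example; it models the described behaviour only and says nothing about whether the FortiOS setting applies to the SSL VPN portal on 4.0 MR3.

```python
"""Model of a per-source authentication blackout, in the spirit of the
FortiOS 'config user setting / set auth-blackout-time' rule quoted above:
after MAX_FAILURES failed attempts from one source IP within WINDOW seconds,
that IP is denied for BLACKOUT_TIME seconds. Constructed example, not
FortiGate code; all names and sample data are made up."""
import time
from collections import defaultdict, deque


class AuthBlackout:
    def __init__(self, max_failures=5, window=60.0, blackout_time=300.0):
        self.max_failures = max_failures
        self.window = window
        self.blackout_time = blackout_time
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._blocked_until = {}             # ip -> time at which the blackout ends

    def _prune(self, ip, now):
        # Drop failures that fell out of the sliding window.
        q = self._failures[ip]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_blocked(self, ip, now=None):
        now = time.monotonic() if now is None else now
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self._blocked_until[ip]      # blackout has expired
            return False
        return True

    def record_failure(self, ip, now=None):
        """Record one failed attempt; return True if the source is now blocked."""
        now = time.monotonic() if now is None else now
        if self.is_blocked(ip, now):
            return True
        self._prune(ip, now)
        self._failures[ip].append(now)
        if len(self._failures[ip]) >= self.max_failures:
            self._blocked_until[ip] = now + self.blackout_time
            self._failures[ip].clear()
            return True
        return False

    def record_success(self, ip):
        # A successful login resets the failure counter for that source.
        self._failures.pop(ip, None)


# Constructed log lines (not real FortiGate output):
# "<seconds since start> <source ip> <user> <failed|success>"
SAMPLE_LOG = """\
0   203.0.113.5  alice failed
10  203.0.113.5  alice failed
20  203.0.113.5  alice failed
30  203.0.113.5  alice failed
40  203.0.113.5  alice failed
45  203.0.113.5  alice success
70  198.51.100.9 bob   failed
140 198.51.100.9 bob   failed
210 198.51.100.9 bob   failed
280 198.51.100.9 bob   failed
350 198.51.100.9 bob   failed
400 203.0.113.5  alice failed
"""


def replay(log_text, policy=None):
    """Replay attempts against the policy; return [(t, ip, outcome), ...].

    outcome is one of: 'denied' (in blackout), 'locked' (this failure
    triggered the blackout), 'failed' (bad credentials, not yet locked), 'ok'.
    """
    policy = policy or AuthBlackout()
    outcomes = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        t_str, ip, _user, result = line.split()
        t = float(t_str)
        if policy.is_blocked(ip, t):
            outcomes.append((t, ip, "denied"))
        elif result == "failed":
            locked = policy.record_failure(ip, t)
            outcomes.append((t, ip, "locked" if locked else "failed"))
        else:
            policy.record_success(ip)
            outcomes.append((t, ip, "ok"))
    return outcomes


if __name__ == "__main__":
    for t, ip, outcome in replay(SAMPLE_LOG):
        print(f"t={t:>5.0f} {ip:<14} {outcome}")
```

In the constructed log, alice's fifth failure at t=40 triggers the blackout, so her correct login at t=45 is still denied; bob spaces his failures more than a minute apart and never accumulates five in one window, so he is never locked out. Note that a per-IP rule like this does nothing against a slow, distributed attempt across many sources, which is why the per-user-ID option asked about in the original post is the complementary control.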
andrewm568
New Contributor

You'd think; it'd certainly be logical, but it doesn't work. It was actually one of the ones I tried in my first post.