Hello,
Is there a fail2ban-like feature in Fortigate? I'm running VPN server on my 60f and I want it to block all IPs with more than 3 failed login attempts
Thank you
You can have your VPN terminated on a loopback and set up an IPS profile on the resulting FW policy that would be required.
Hi,
you don't really need fail2ban as there is a built-in feature for this in Fortigate:
CLI:
config vpn ssl settings
set login-attempt-limit [0-10] Default is 2.
set login-block-time [0-86400] Default is 60 seconds.
end
You can ban the failed logins IP for a duration of up to 24 hours.
Thank you
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.