IP blocking based on failed authentication attempts
Recently a customer reported to me that on his domain controller he had received hundreds of authentication attempts and that the source IP was that of the Firewall.
Upon investigation, I detected that the attempts were coming from the SSL VPN gateway that WatchGuard enables when configuring this VPN.
Seeing the above, I wonder if it will be possible to block Source IP addresses based on failed authentication attempts in the WatchGuard VPN Portal? For example, after 3 failed attempts, the Firewall will automatically block the Source IP address.
0
Sign In to comment.
Comments
@D4rkSeven
The firewall can lock the user if it's a firebox-DB user, but it won't block the IP address.
You can disable the SSLVPN download page from your local firewall via the CLI, see:
(Plan Your Mobile VPN with SSL Configuration)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/configure_fb_for_mpvpn_ssl_c_before.html#Name
Look for the section in the article labeled "Software Downloads Page Hosted by the Firebox."
-James Carson
WatchGuard Customer Support