SSLVPN - many failed logonattempts in authpoint autitlog
We are seeing failed login attempts almost every second. Obviously vpn logins are being attempted at random. Some failed login attempts in the form "radius\username" even lead to them being blocked in AD if the username actually exists.
Where would you start to prevent such login attempts?
Geolocation in the "Watchguard SSL VPN policy"?
How do I get the IPs of the failed logins into the blocked sites list?
0
Sign In to comment.
Comments
There is a new option in V12.10.4 to block brute force login attempts, and includes a setting for the number of hours for the IP addr to be blocked..
See the "Configure Block Failed Logins Settings" section, here:
Set Global Firewall Authentication Values
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/global_auth_settings_c.html