Auto-block REJECTED user?
We are getting thousands of VPN attempts on our T45. This is from people trying to guess username/pass combinations, not a big deal.
2025-02-21 13:30:01 wgcgi SSL VPN user noelle@Firebox-DB from 193.46.255.99 was rejected - Unspecified.
Will enabling "Block IP addresses with consecutive failed logins" under Authentication-Settings do the trick or does that only apply to FAILED logins regarding user/password?
Just wondering if REJECTED is handled under that action.
Thanks!
Comments
Hi @StimsonStudio
Rejected will count as a failed login for that feature.
Please check out the article here that goes over other mitigating steps you can take:
Detect and mitigate brute force attacks that target Mobile VPN with SSL (SSLVPN)
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000BcPmSAK&lang=en_US
-James Carson
WatchGuard Customer Support
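To see which source addresses are behind the rejections in an exported log, the following added example (not part of the thread and not WatchGuard code) parses lines in the format quoted in the question and tallies rejections per source IP. The `threshold` parameter and every sample line except the first are constructed for illustration; the script counts total rejections per address, not the consecutive-failure logic the Firebox applies.

```python
import re
from collections import Counter, defaultdict

# Matches the "was rejected" log format quoted in the question.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) wgcgi SSL VPN user "
    r"(?P<user>\S+) from (?P<ip>\S+) was rejected - (?P<reason>.+?)\.?$"
)

def parse_rejection(line):
    """Return the fields of one rejection line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines, threshold=3):
    """Report source IPs with at least `threshold` rejections.

    `threshold` is an assumed review cutoff, not a Firebox setting.
    """
    counts = Counter()
    users = defaultdict(set)
    for line in lines:
        rec = parse_rejection(line)
        if rec is None:
            continue  # skip lines that are not SSL VPN rejections
        counts[rec["ip"]] += 1
        users[rec["ip"]].add(rec["user"])
    return {
        ip: {"rejections": n, "usernames": sorted(users[ip])}
        for ip, n in counts.items() if n >= threshold
    }

# First line is the one quoted in the question; the rest are constructed
# samples that use documentation-range addresses (203.0.113.0/24).
SAMPLE_LOG = [
    "2025-02-21 13:30:01 wgcgi SSL VPN user noelle@Firebox-DB from 193.46.255.99 was rejected - Unspecified.",
    "2025-02-21 13:30:04 wgcgi SSL VPN user admin@Firebox-DB from 203.0.113.7 was rejected - Unspecified.",
    "2025-02-21 13:30:09 wgcgi SSL VPN user test@Firebox-DB from 203.0.113.7 was rejected - Unspecified.",
    "2025-02-21 13:30:15 wgcgi SSL VPN user backup@Firebox-DB from 203.0.113.7 was rejected - Unspecified.",
    "2025-02-21 13:31:00 unrelated log line (constructed)",
]

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["rejections"], ", ".join(info["usernames"]))
```

Many distinct usernames from one address, as in the constructed sample, is the pattern that distinguishes credential guessing from a single user mistyping a password.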