Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unusual incorrect login attempt in the Admin Portal

Hello, 

we have got a notification from the xg that a login was attempted for the admin portal. The admin portal is inaccessible from the internet.

Message:
The administrative access from IP Address '84.19.xxx.xxx' is blocked for '5' minutes after '5' unsuccessful login attempts

I have wondered how did the message come about?

In the authentication logs we have noticed that several incorrect login attempts have been made for the USER portal. The user portal was accessible from the internet (so we have deactivated it).

I have also checked the reports  > compliance > admin events / authentication and can't find a login try?

Any ideas?

Thanks and regards

Philipp



This thread was automatically locked due to age.
  • Hello Philipp,

    this is not the admin portal, this is the new vpn portal which is introduced in SFOS Version 20.

    So if you do not need the VPN portal, disable it at the WAN Zone.

    If you do use the VPN Portal to deploy your VPN configuration to your users, try to restrict failed login attempts at your authentication server(s)

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.