Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

VPN Portal getting hammered by password spraying attacks - Russia and elsewhere

On September 4, our Firewall VPN Portal was attacked from IP 92.53.65.166 (Russia) with hundreds of login attempts for different usernames. After bloicking this, today (September 8) we have been hammered by another attack, this time from hundreds of different IP's around the world. I have disabled the VPN Portal to stop this, but this breaks our ssl vpn and provisioning. I have put in place blocked countries and blocked malware IP groups, but this is a game of wack-a-mole. Our VPN Portal is not even using the default 443 port. Is there anything else that could be done?



Added TAGs
[edited by: Raphael Alganes at 2:41 AM (GMT -7) on 9 Sep 2024]