Block VPN Brute force

I have a basic IPSec VPN configured at the moment (PSK, Username, Password) which allows remote users to connect via Sophos Connect. However, it doesn't seem to lock out after a certain number of tries at logging in. Is there a way to prevent brute forcing?



This thread was automatically locked due to age.
  • Best practice would be to change your port from the common one to something different like most of us do. But, if they aren't gaining access, then the UTM is doing the job. It isn't something like a DDoS attack that is slowing you down; it's frankly just an attempt. If you are seeing the block in your logs, then there's really not much to worry about.

    Country Blocking is another option if you think it will help. I use Country Blocking for the usual suspects - China, Russia, Iran, etc. because that's where I see the majority of my port sniffing coming from, and my VPN attempts. So I block any 'From' traffic from those.

    If it's something that turns into DDoS, then contact your internet provider. They are a lot more effective at blocking things on their end than you can be on your end.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
