Since last week, we observed a lot of failed SSL-VPN login events on various FortiGate setups. (Edit: That was back in August of 2021, and the big “scanning” ended around two weeks after it had started. But messages are still shown from time to time, since scanning is going on over the internet all the time. Therefore, this post is still very relevant.)

Let's summarize what we have found out until today: Most of the administrators saw an increased number of the following log messages in the “VPN Event Log” on the FortiGate / FortiAnalyzer. And no, there are no spelling mistakes in the title… That's the way the log message is named:

date= time=11:22:33 logid="0101039426" type="event" subtype="vpn" level="alert" vd="root" eventtime=1629710539 logdesc="SSL VPN login fail" action="ssl-login-fail" tunneltype="ssl-web" tunnelid=0 remip=11.22.33.44 user="administrador" group="N/A" dst_host="N/A" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in"
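An added example (not part of the original post): one way to triage these events is to group `ssl-login-fail` lines by `remip` and flag sources that fail against several different usernames, which separates internet scanning from a single user mistyping a password. The sample lines are constructed in the format quoted above; the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# key=value pairs; a value is either "quoted" or bare (and may be empty, as in `date= `).
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_line(line):
    """Turn one FortiGate key=value log line into a dict of fields."""
    return {key: (quoted or bare) for key, quoted, bare in PAIR.findall(line)}

def failed_logins_by_source(lines):
    """Group SSL-VPN login failures by remote IP: failure count and usernames tried."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    for line in lines:
        fields = parse_line(line)
        if fields.get("subtype") == "vpn" and fields.get("action") == "ssl-login-fail":
            entry = stats[fields.get("remip", "unknown")]
            entry["count"] += 1
            entry["users"].add(fields.get("user", ""))
    return dict(stats)

def likely_scanners(lines, min_failures=3, min_users=2):
    """Sources with repeated failures spread over several usernames.
    The thresholds are assumptions; tune them to your own baseline."""
    return sorted(ip for ip, s in failed_logins_by_source(lines).items()
                  if s["count"] >= min_failures and len(s["users"]) >= min_users)

# Constructed sample data: documentation IP ranges and made-up usernames.
TEMPLATE = ('date=2021-08-23 time={t} logid="0101039426" type="event" subtype="vpn" '
            'level="alert" action="ssl-login-fail" tunneltype="ssl-web" remip={ip} '
            'user="{u}" reason="sslvpn_login_permission_denied" '
            'msg="SSL user failed to logged in"')
SAMPLE = [TEMPLATE.format(t=t, ip=ip, u=u) for t, ip, u in [
    ("11:22:33", "198.51.100.7", "administrador"),  # one source, three usernames
    ("11:22:35", "198.51.100.7", "admin"),
    ("11:22:38", "198.51.100.7", "test"),
    ("11:40:01", "203.0.113.20", "jdoe"),           # one user retrying a password
    ("11:40:30", "203.0.113.20", "jdoe"),
    ("11:41:02", "203.0.113.20", "jdoe"),
]]

if __name__ == "__main__":
    for ip, s in failed_logins_by_source(SAMPLE).items():
        print(ip, s["count"], sorted(s["users"]))
    print("likely scanners:", likely_scanners(SAMPLE))
```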