Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 2857 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Too many failed sign-in attempts from WAN Address..

cm00001

Hello,

I am puzzled for something that just happened to me. I got this alert from the XG today:

Subject: *ALERT* Sophos XG Firewall - Too many failed sign-in attempts

Device Information:
Hostname: <XG FIrewall FQDN>
Management Interface IP: Not configured/Not available
Date/Time: 2020-11-02 15:57:25
Alert ID: 17913

Message:
The administrative access from IP Address '40.97.230.101' is blocked for '5' minutes after '5' unsuccessful login attempts

If the only service allowed to the firewall from outside is SSL-VPN, how could "40.97.230.101" try to access the administrative access for 5 times?

Thank you!



This thread was automatically locked due to age.
Parents
  • 0

    Assuming you do not have a Local ACL Exception configured, the SSLVPN will share the port of the User portal. 

    Do you use SSLVPN on Port 443? Those blocks could be generated by the User Portal. Can you look up the logviewer - Authentication and look for the "Facility"? 

Reply
  • 0

    Assuming you do not have a Local ACL Exception configured, the SSLVPN will share the port of the User portal. 

    Do you use SSLVPN on Port 443? Those blocks could be generated by the User Portal. Can you look up the logviewer - Authentication and look for the "Facility"? 

Children
No Data