Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 2857 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Too many failed sign-in attempts from WAN Address..

cm00001

Hello,

I am puzzled for something that just happened to me. I got this alert from the XG today:

Subject: *ALERT* Sophos XG Firewall - Too many failed sign-in attempts

Device Information:
Hostname: <XG FIrewall FQDN>
Management Interface IP: Not configured/Not available
Date/Time: 2020-11-02 15:57:25
Alert ID: 17913

Message:
The administrative access from IP Address '40.97.230.101' is blocked for '5' minutes after '5' unsuccessful login attempts

If the only service allowed to the firewall from outside is SSL-VPN, how could "40.97.230.101" try to access the administrative access for 5 times?

Thank you!



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to emmosophos

    Thanks for the quick reply! 

    I was able to confirm the port for the User Portal was the same for the VPN. So in this case, the User Portal was not blocked in the WAN (even though it was under Device Access). 

    Once I changed the User Portal port to a different one, it was no longer accessible from the WAN.

    Since the User Portal was the source of these requests, why does the message says "administrative access"?