Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 2896 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Too many failed logins from several IP address for facility ssh

Hafiz Zulkifli

Our client detects multiple fail login message attempts from multiple IPs.
If by setting up that SSH only accessible from the internal network can solve this issue, can advise on how to perform it, and is any downside for this configuration?.


Firewall UTM SG330 

Firmware 9.508-10



This thread was automatically locked due to age.
Parents
  • +1

    Selamat pagi Hafiz and welcome to the UTM Community!

    I always remove the "Any" object from 'Allowed Networks' in 'WebAdmin Settings' and on the 'Shell Access' page.

    In the larger companies, I recommend limiting Internal IPs to only those of allowed Administrators.  Other than these large companies, I also use "Internal (Network)" in 'Allowed Networks'.

    I will also add a Network Group containing the three IPs from which I might access as well as the "(User Network)" object for me when I connect via Remote Access.  For the clients that want to be able to access SSH from outside the office, I recommend they add their "(User Network)" object.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,
    Thanks for your advice, what that I configured at our client policy was, disable 'Any" on 'Allowed Network', add our client internal network segment and also I add our internal network segment for remote access.
    Hope what I configure will fix the issue, currently under monitoring to see if this issue still reoccurs.

Reply
  • 0 in reply to BAlfson

    Hi Bob,
    Thanks for your advice, what that I configured at our client policy was, disable 'Any" on 'Allowed Network', add our client internal network segment and also I add our internal network segment for remote access.
    Hope what I configure will fix the issue, currently under monitoring to see if this issue still reoccurs.

Children
No Data
Unfiltered HTML