Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 1646 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block Password Guessing / Unblock user not working?

UTMaddict

Hello,

I use the Block Password Guessing feature for the SSL VPN facility...
I've also enabled Drop packets from blocked hosts.

As far as I know I can unblock a user via Flush Authentication Cache button, right?

Because it looks like this isn't working. The traffic is still blocked after clicking the button. The user can only log in after a HA takeover (in my case).

Regards
Sebastian



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    The feature "Block Password Guessing" blocks the source IP address if there are multiple failed login attempts, it does not look for the username so clearing the authentication cache will not help. 

    The source IP address that reached out to maximum allowed password attempts will be blocked for configured seconds. 

    How many seconds did you configure to release the IP from the block list? 

    You should be able to see if the user's IP is blocked by this feature in packetfilter logs on UTM. 

    Thanks, 

  • 0 in reply to FormerMember

    You are completely right. I had a mistake in thinking Smiley

    Another question coming up:

    Is there a way to unblock such a blocked IP manually? 

  • FormerMember
    +1 FormerMember in reply to UTMaddict

    Hi ,

    Thank you for the update! :) 

    Apparently, there is no option to remove the blocked IP address from the backend; I have checked that in my LAB UTM. 

    However, there is one workaround, I used to use it when the source IP address gets blocked by the password guessing feature. Please change the time to lover value and then put it back as before; this will reset the block timer. 

    Note: Please remember to change the value back to default or original value.  

    Thanks,

  • 0 in reply to UTMaddict

    Hallo Sebastian,

    Just curious, what if you briefly put a Host object in the 'Never Block' list, [Apply], remove it and [Apply] - is the user unblocked?

    Or is this what you tried, Harsh?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to UTMaddict

    Hallo Sebastian,

    Just curious, what if you briefly put a Host object in the 'Never Block' list, [Apply], remove it and [Apply] - is the user unblocked?

    Or is this what you tried, Harsh?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML