Showing posts with label policy. Show all posts

Wednesday, March 22, 2017

Set up IPS on Fortigate firewall to block brute force RDP attacks

Like most people's, my terminal servers are constantly being probed by brute force attacks trying to find a weak spot. The better answer is to put the terminal server behind a VPN. Short of that, I like setting up Duo Security for two-factor authentication. Another alternative (perhaps in addition to Duo) is to detect and block brute force attacks on your firewall.

Here's how I configure that on my Fortigate firewall.

First, enable the Intrusion Prevention module (if not already done) in Config -> Features.

Next, I enable the IPS rule for RDP brute force attacks. I set a threshold of 15 over 900 seconds (15 minutes) with a block duration of 259200 seconds (3 days).

Then go to your RDP firewall policy and set the default policy on it.

That's all you need to do. If you want to see what IP addresses have been blocked, go to Log & Report -> Security Log -> Intrusion Protection.
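
To see how the three numbers in the IPS rule interact, here is an added example (not from the original post and not Fortinet code) that models the rule over constructed events. It assumes matches are counted per source IP in a sliding window; the firewall's internal counting may differ.

```python
from collections import defaultdict, deque

THRESHOLD = 15     # matches per source before blocking (value from the post)
WINDOW_S = 900     # counting window in seconds (value from the post)
BLOCK_S = 259200   # block duration in seconds, 3 days (value from the post)

def sample_events():
    """Constructed (epoch_seconds, source_ip) events; the IPs are from
    documentation ranges and do not refer to real hosts."""
    burst = [(1000 + 10 * i, "203.0.113.50") for i in range(20)]   # 20 in 190 s
    legit = [(1000 + 3600 * i, "198.51.100.7") for i in range(5)]  # one per hour
    late = [(1140 + BLOCK_S + 60, "203.0.113.50")]                 # after expiry
    return sorted(burst + legit + late)

def simulate(events, threshold=THRESHOLD, window=WINDOW_S, block=BLOCK_S):
    """Model of a rate-based block (assumed: per-source sliding window).
    Returns (blocks, dropped): blocks maps ip -> [(start, end)] intervals,
    dropped counts events rejected while a block was active."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked_until = {}            # ip -> epoch at which the block expires
    blocks = defaultdict(list)
    dropped = defaultdict(int)
    for ts, ip in events:
        if blocked_until.get(ip, 0) > ts:
            dropped[ip] += 1      # source is blocked, the event is dropped
            continue
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()           # forget matches older than the window
        if len(q) >= threshold:
            blocked_until[ip] = ts + block
            blocks[ip].append((ts, ts + block))
            q.clear()             # counting restarts once the block ends
    return dict(blocks), dict(dropped)

if __name__ == "__main__":
    blocks, dropped = simulate(sample_events())
    for ip, spans in blocks.items():
        for start, end in spans:
            days = (end - start) // 86400
            print(f"{ip} blocked from t={start} to t={end} ({days} days)")
    print("dropped while blocked:", dropped)
```

The rule only acts on sources that reach the threshold inside the window, so it complements rather than replaces the VPN or two-factor options mentioned at the top of the post.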

Wednesday, March 4, 2015

Using rsop.msc to check group policies applied to a domain machine

In troubleshooting another problem, I came across a suggestion to run rsop.msc on the client machine.  Rsop.msc displays all the group policies that are applied to a domain machine.  In my case, it helped me track down a group policy that was forcing machines on the domain to never go to sleep.  I guess that policy makes sense with desktops, but a particular user did not want this behavior on his laptop.

Anyway, rsop.msc made this much easier and is a tool I'll keep in mind.

Wednesday, August 27, 2014

Configuring VOIP priority on a Fortigate firewall

IMPORTANT NOTE - If you are sending your voice traffic over a route-based IPSec VPN, the WAN interface you'll be referencing will be the name of the VPN interface (for example DCtoSF instead of WAN1).


I put together this list of CLI commands to enter on a Fortigate firewall to give VOIP traffic priority. Some instructions may vary based on your setup, but I took most of these from Fortigate cookbooks and then fixed all the typos. I use the CLI commands because the GUI (my preference) didn't have all the options where they were supposed to be on my test box. I tested this on a Fortigate 40C running version 5.0 of the firmware.

config firewall shaper traffic-shaper
edit voip
set maximum-bandwidth 1000
set guaranteed-bandwidth 800
set per-policy enable
set priority high
end


then

config firewall policy
edit 6
set srcintf internal
set srcaddr all
set dstintf wan1
set dstaddr all
set action accept
set schedule always
set service SIP
set traffic-shaper voip
set traffic-shaper-reverse voip
end


Please also note these steps for disabling SIP ALG and other processes to allow VOIP phones behind a Fortigate firewall.