SRX Services Gateway

VPN Junos Pulse restrict attempts to login

‎03-21-2017 01:12 PM

Hi all,

 

I've seen some brute force attempts to log in to my VPN.

Due to very large passwords and usernames, they could not log in.

I would like to know how I can limit these login attempts for the VPN?

Thanks!

PS:

set system login retry-options tries-before-disconnect 5
set system login retry-options backoff-threshold 3
set system login retry-options backoff-factor 10
set system login retry-options lockout-period 4

 

This is already done, but for local accounts, I guess?

 

1 REPLY 1

Re: VPN Junos Pulse restrict attempts to login

‎03-21-2017 07:04 PM

Hello,

This configuration is for firewall login attempts and does not apply to Dynamic VPN users. And we do not have an option available in SRX to do so. Checked in Pulse and did not find one either.

So the only way, as I see it, will be to apply a firewall filter on the Dyn-VPN interface to restrict HTTPS access to legitimate users, since the initial Pulse connection will be initiated using HTTPS, and if we reject them in the firewall filter, this will protect the RE from these attacks. This is just a temporary workaround that I can think of.


Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
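
A sketch of the firewall-filter workaround described in the reply above, added here as an example and not posted by either participant. The filter name, prefix-list name, interface ge-0/0/0.0 and all addresses (documentation ranges) are assumptions to replace with your own values.

```junos
# Added example. All names and addresses below are placeholders (assumptions).
# Source networks that legitimate Dynamic VPN users connect from
set policy-options prefix-list DYNVPN-ALLOWED 198.51.100.0/24
set policy-options prefix-list DYNVPN-ALLOWED 192.0.2.10/32

# Term 1: HTTPS to the SRX's own VPN address from known sources is accepted
set firewall family inet filter PROTECT-DYNVPN term https-known from source-prefix-list DYNVPN-ALLOWED
set firewall family inet filter PROTECT-DYNVPN term https-known from destination-address 203.0.113.1/32
set firewall family inet filter PROTECT-DYNVPN term https-known from protocol tcp
set firewall family inet filter PROTECT-DYNVPN term https-known from destination-port https
set firewall family inet filter PROTECT-DYNVPN term https-known then accept

# Term 2: any other HTTPS to that address is counted and silently dropped
# (use "then reject" instead of "discard" to send an ICMP unreachable back)
set firewall family inet filter PROTECT-DYNVPN term https-other from destination-address 203.0.113.1/32
set firewall family inet filter PROTECT-DYNVPN term https-other from protocol tcp
set firewall family inet filter PROTECT-DYNVPN term https-other from destination-port https
set firewall family inet filter PROTECT-DYNVPN term https-other then count dynvpn-https-dropped
set firewall family inet filter PROTECT-DYNVPN term https-other then discard

# Term 3: everything else (IKE, ESP, transit traffic) is left untouched;
# without it the implicit final discard would drop all other traffic
set firewall family inet filter PROTECT-DYNVPN term everything-else then accept

# Apply inbound on the interface that terminates the Dynamic VPN
set interfaces ge-0/0/0 unit 0 family inet filter input PROTECT-DYNVPN
```

Committing with `commit confirmed` lets a mistake in the prefix list roll back on its own, and `show firewall filter PROTECT-DYNVPN` shows the `dynvpn-https-dropped` counter so you can see how many connection attempts are being dropped.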