SRX Services Gateway

VPN Junos Pulse restrict attempts to login

‎03-21-2017 01:12 PM

Hi all,


I've seen some brute force attempts to log in to my VPN.

Due to very large passwords and usernames, they could not log in.


I would like to know how I can limit these login attempts for the VPN.






set system login retry-options tries-before-disconnect 5
set system login retry-options backoff-threshold 3
set system login retry-options backoff-factor 10
set system login retry-options lockout-period 4


This is already done, but for local accounts, I guess?



Re: VPN Junos Pulse restrict attempts to login

‎03-21-2017 07:04 PM

Hello,


This configuration is for firewall login attempts and does not apply to Dynamic VPN users. We do not have an option available in SRX to do so. I checked in Pulse and did not find one either.

So the only way, as I see it, will be to apply a firewall filter on the Dyn-VPN interface to restrict HTTPS access to legitimate users, since the initial Pulse connection will be initiated using HTTPS, and if we reject them in the firewall filter, this will protect the RE from these attacks. This is just a temporary workaround that I can think of.


Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
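
An added example, not part of the original posts: one way the firewall filter described in the reply could look in Junos set-style configuration. The filter, term, counter and prefix-list names, the interface ge-0/0/0.0, the gateway address 192.0.2.1 and the client ranges are all placeholders, and it assumes the legitimate VPN users connect from known source networks.

```junos
# Source networks the VPN users are known to connect from (placeholder ranges)
set policy-options prefix-list DYNVPN-ALLOWED 198.51.100.0/24
set policy-options prefix-list DYNVPN-ALLOWED 203.0.113.17/32

# Term 1: known sources may reach HTTPS on the gateway's own address
set firewall family inet filter PROTECT-DYNVPN term allow-known-https from source-prefix-list DYNVPN-ALLOWED
set firewall family inet filter PROTECT-DYNVPN term allow-known-https from destination-address 192.0.2.1/32
set firewall family inet filter PROTECT-DYNVPN term allow-known-https from protocol tcp
set firewall family inet filter PROTECT-DYNVPN term allow-known-https from destination-port https
set firewall family inet filter PROTECT-DYNVPN term allow-known-https then accept

# Term 2: any other HTTPS to the gateway is counted, logged and dropped
# before it reaches the Routing Engine
set firewall family inet filter PROTECT-DYNVPN term drop-other-https from destination-address 192.0.2.1/32
set firewall family inet filter PROTECT-DYNVPN term drop-other-https from protocol tcp
set firewall family inet filter PROTECT-DYNVPN term drop-other-https from destination-port https
set firewall family inet filter PROTECT-DYNVPN term drop-other-https then count dynvpn-https-denied
set firewall family inet filter PROTECT-DYNVPN term drop-other-https then log
set firewall family inet filter PROTECT-DYNVPN term drop-other-https then discard

# Term 3: everything else (IKE, ESP, transit traffic) is left to the security
# policies; without this term the implicit final discard would drop it
set firewall family inet filter PROTECT-DYNVPN term everything-else then accept

# Apply inbound on the interface that terminates the Dynamic VPN (placeholder)
set interfaces ge-0/0/0 unit 0 family inet filter input PROTECT-DYNVPN
```

Committing with `commit confirmed 5` rolls the change back automatically if the filter cuts off management access, and `show firewall filter PROTECT-DYNVPN` together with `show firewall log` shows how many connection attempts the drop term is catching.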