I've seen some brute force attempts to log in to my VPN.
Due to very large passwords and usernames, they could not log in.
I would like to know how I can limit these login attempts for the VPN?
set system login retry-options tries-before-disconnect 5
set system login retry-options backoff-threshold 3
set system login retry-options backoff-factor 10
set system login retry-options lockout-period 4
This is already done, but for local accounts I guess?
This configuration is for firewall login attempts and does not apply to Dynamic VPN users. And we do not have an option available in SRX to do so. Checked in Pulse and did not find one either.
So the only way, as I see it, will be to apply a firewall filter on the Dyn-VPN interface to restrict HTTPS access to legitimate users, since the initial Pulse connection will be initiated using HTTPS, and if we reject them in the firewall filter, this will protect the RE from these attacks. This is just a temporary workaround that I can think of.
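A sketch of the firewall-filter workaround described in the reply above, added here as an example and not taken from the original thread. The interface name (ge-0/0/0.0), the SRX address (203.0.113.1), the allowed client range (198.51.100.0/24) and the filter, term, counter and prefix-list names are all placeholders to replace with your own values.

```junos
# Added example; every name and address below is a placeholder.
# Source networks that legitimate Dynamic VPN users connect from.
set policy-options prefix-list DYNVPN-ALLOWED-SOURCES 198.51.100.0/24

# Term 1: accept HTTPS to the SRX's own address from the allowed sources.
set firewall family inet filter PROTECT-DYNVPN term allow-known-https from source-prefix-list DYNVPN-ALLOWED-SOURCES
set firewall family inet filter PROTECT-DYNVPN term allow-known-https from destination-address 203.0.113.1/32
set firewall family inet filter PROTECT-DYNVPN term allow-known-https from protocol tcp
set firewall family inet filter PROTECT-DYNVPN term allow-known-https from destination-port https
set firewall family inet filter PROTECT-DYNVPN term allow-known-https then accept

# Term 2: drop and count all other HTTPS aimed at the SRX itself,
# so login attempts from unknown sources never reach the RE.
set firewall family inet filter PROTECT-DYNVPN term drop-other-https from destination-address 203.0.113.1/32
set firewall family inet filter PROTECT-DYNVPN term drop-other-https from protocol tcp
set firewall family inet filter PROTECT-DYNVPN term drop-other-https from destination-port https
set firewall family inet filter PROTECT-DYNVPN term drop-other-https then count dynvpn-https-dropped
set firewall family inet filter PROTECT-DYNVPN term drop-other-https then discard

# Term 3: leave everything else (IKE, ESP, transit traffic) untouched;
# without this term the filter's implicit final action discards it.
set firewall family inet filter PROTECT-DYNVPN term allow-rest then accept

# Apply the filter inbound on the interface where Dynamic VPN terminates.
set interfaces ge-0/0/0 unit 0 family inet filter input PROTECT-DYNVPN
```

Apply it with `commit confirmed` so a mistake rolls back automatically, then watch the drop counter with `show firewall filter PROTECT-DYNVPN`. An allow-list like this only fits when remote users connect from predictable source addresses.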