https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559894#M4451 <P>Thanks Raido</P> <P>&nbsp;</P> <P>I will try the vulnerability Profile. When I go to the Auth profile and advanced, I am only seeing the allow list.</P> <P>&nbsp;</P> <P>MJF</P> Thu, 28 Sep 2023 16:26:38 GMT MFacella1 2023-09-28T16:26:38Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559709#M4441 <P>Hello,</P> <P>&nbsp;</P> <P>I would like to set f<SPAN>ailed attempts and lockout time on my Global Protect auth profile&nbsp;but I do not see where I can set this. The only place I see these settings is in the global profile but I would like to set this only&nbsp;for Global&nbsp;Protect. I am using v&nbsp;10.2.4-h2</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks for any&nbsp;</SPAN>thoughts.</P> <P>&nbsp;</P> <P>MJF</P> <P>&nbsp;</P> Wed, 27 Sep 2023 15:29:33 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559709#M4441 MFacella1 2023-09-27T15:29:33Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559871#M4448 <P>Lockoud time can be configured at&nbsp;<BR />Device &gt; Authentication Profile &gt; Auth-Profile-Name &gt; Advanced tab</P> <P>&nbsp;</P> <P>You can also adjust vulnerability signature 40017 (Objects &gt; Security Profiles &gt; Vulnerability protection) if source IP should be blocked after specific number of failed login attempts.</P> Thu, 28 Sep 2023 13:58:17 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559871#M4448 Raido_Rattameister 2023-09-28T13:58:17Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559891#M4450 <P>Hello,</P> <P>If your GP uses something like active directory, you could use a GPO to set something like, lockout after &lt;&gt; failed attempts and unlock after &lt;&gt;minutes.</P> <P>&nbsp;</P> <P>Regards,</P> Thu, 28 Sep 2023 16:16:13 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559891#M4450 OtakarKlier 2023-09-28T16:16:13Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559894#M4451 <P>Thanks Raido</P> <P>&nbsp;</P> <P>I will try the vulnerability Profile. When I go to the Auth profile and advanced, I am only seeing the allow list.</P> <P>&nbsp;</P> <P>MJF</P> Thu, 28 Sep 2023 16:26:38 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559894#M4451 MFacella1 2023-09-28T16:26:38Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559896#M4452 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Raido_Rattameister_0-1695918490275.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/54039i50D8CA7CFF350568/image-size/medium?v=v2&amp;px=400" role="button" title="Raido_Rattameister_0-1695918490275.png" alt="Raido_Rattameister_0-1695918490275.png" /></span></P> <P>&nbsp;</P> <P>SAML Profile for example don't have this option. You need to configure lockout on SAML/2FA provider side.</P> <P>&nbsp;</P> Thu, 28 Sep 2023 16:30:08 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/559896#M4452 Raido_Rattameister 2023-09-28T16:30:08Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/560406#M4466 <P>Can you provide details on how to do that?&nbsp; I've seen ID 40017 mentioned in older documentation but can't find anything that references how to do it.&nbsp; I'm trying to block IPs after a certain number of failed GP portal login attempts - I've got numerous brute force attempts happening.</P> Tue, 03 Oct 2023 19:39:13 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/560406#M4466 DSharretts 2023-10-03T19:39:13Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/560416#M4467 <P>If you go to Objects security profiles you can create a vulnerability profile there. If you add a vulnerability profile you can go to Exceptions and check all signatures then search for 40017 to edit. I was able to stop the brute force attacks by disabling the VPN web portal page because all my VPN users are using the client.</P> Tue, 03 Oct 2023 21:11:52 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/setting-failed-attempts-and-lockout-time/m-p/560416#M4467 MFacella1 2023-10-03T21:11:52Z