https://live.paloaltonetworks.com/t5/globalprotect-discussions/multiple-bogus-credentials-on-gp-portal/m-p/583616#M5246 <P>I have noticed there are alot of random IPs that are trying to login to my GP portal. We are using pre-login method of GP so legit users do not login. GP starts and does an auto-login pre-windows login. The logs tell me these failures are coming from GP portal. They are not getting anywhere since a trusted cert on legit users PCs is required, but is there anyway to stop this from happening? Anyway to prevent users from trying to access my GP portal or gateway?</P> Sat, 13 Apr 2024 16:20:58 GMT S_Williams901 2024-04-13T16:20:58Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/multiple-bogus-credentials-on-gp-portal/m-p/583616#M5246 <P>I have noticed there are alot of random IPs that are trying to login to my GP portal. We are using pre-login method of GP so legit users do not login. GP starts and does an auto-login pre-windows login. The logs tell me these failures are coming from GP portal. They are not getting anywhere since a trusted cert on legit users PCs is required, but is there anyway to stop this from happening? Anyway to prevent users from trying to access my GP portal or gateway?</P> Sat, 13 Apr 2024 16:20:58 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/multiple-bogus-credentials-on-gp-portal/m-p/583616#M5246 S_Williams901 2024-04-13T16:20:58Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/multiple-bogus-credentials-on-gp-portal/m-p/583622#M5247 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/271836">@S_Williams901</a> ,</P> <P>&nbsp;</P> <P>You could ...</P> <P>&nbsp;</P> <OL> <LI>Disable the Portal Login Page under the General tab.&nbsp; That will stop the vast majority.</LI> <LI>Deny all countries to your GP portal and gateway except the ones you want.</LI> <LI>Deny all protocols to your GP portal and gateway except panos-global-protect and ipsec-esp-udp.</LI> <LI>Deny PANW and 3rd party EDLs inbound.</LI> </OL> <P>Obviously you would need to enable the portal login page and ssl if you want to download the client.&nbsp; (Technically, the portal login page is not required if you go to yourdoamin.com/global-protect/getsoftwarepage.esp, but that is another story.)</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Sun, 14 Apr 2024 00:15:22 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/multiple-bogus-credentials-on-gp-portal/m-p/583622#M5247 TomYoung 2024-04-14T00:15:22Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/multiple-bogus-credentials-on-gp-portal/m-p/584243#M5263 <P>Nothing stops a user from downloading a gp client somewhere on the internet and trying to hit my gateway with bogus usernames correct?</P> Thu, 18 Apr 2024 16:48:09 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/multiple-bogus-credentials-on-gp-portal/m-p/584243#M5263 S_Williams901 2024-04-18T16:48:09Z