https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-brute-force/m-p/627322#M6130 <P>Hello,</P> <P>&nbsp;</P> <P>I have see this discussed a bit but was wondering if there is any way to prevent a brute force attack on the VPN gateway. I have disabled the portal page and set up a vulnerability policy but that does not seem to get triggered I also have edl policies. We are using 2-factor so I think it is secure but I would like to prevent this if possible. I was thinking maybe changing the portal name and adding device certs if that would help.</P> <P>&nbsp;</P> <P>Thanks</P> Tue, 19 Nov 2024 15:19:20 GMT MFacella1 2024-11-19T15:19:20Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-brute-force/m-p/627322#M6130 <P>Hello,</P> <P>&nbsp;</P> <P>I have see this discussed a bit but was wondering if there is any way to prevent a brute force attack on the VPN gateway. I have disabled the portal page and set up a vulnerability policy but that does not seem to get triggered I also have edl policies. We are using 2-factor so I think it is secure but I would like to prevent this if possible. I was thinking maybe changing the portal name and adding device certs if that would help.</P> <P>&nbsp;</P> <P>Thanks</P> Tue, 19 Nov 2024 15:19:20 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-brute-force/m-p/627322#M6130 MFacella1 2024-11-19T15:19:20Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-brute-force/m-p/629350#M6136 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190007">@MFacella1</a>,</P> <P>&nbsp;</P> <P>I would say, after all you've done thus far, authenticating via device certs should suffice as only&nbsp;approved devices can initiate VPN connections. If you want additional measures, you sure can&nbsp;obfuscate the portal name.</P> <P>&nbsp;</P> Wed, 20 Nov 2024 04:27:39 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-brute-force/m-p/629350#M6136 JayGolf 2024-11-20T04:27:39Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-brute-force/m-p/629802#M6137 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190007">@MFacella1</a>&nbsp;wrote:<BR /><P>Hello,</P><P>&nbsp;</P><P>I have see this discussed a bit but was wondering if there is any way to prevent a brute force attack on the VPN gateway. I have disabled the portal page and set up a vulnerability policy but that does not seem to get triggered I also have edl policies. We are using 2-factor so I think it is secure but I would like to prevent this if possible. I was thinking maybe changing the portal name and adding device certs if that would help.</P><P>&nbsp;</P><P>Thanks</P><HR /></BLOCKQUOTE><P><SPAN>Hello,<BR />To prevent brute force attacks on your VPN gateway, consider implementing the following measures:</SPAN></P><OL><LI><P><SPAN><STRONG>Limit login attempts</STRONG>: Set a threshold for failed login attempts and temporarily block IPs after reaching the limit.</SPAN></P></LI><LI><P><SPAN><STRONG>Use strong passwords</STRONG>: Enforce complex password policies.</SPAN></P></LI><LI><P><SPAN><STRONG>Enable account lockout</STRONG>: Lock accounts after multiple failed attempts.</SPAN></P></LI><LI><P><SPAN><STRONG>Implement two-factor authentication (2FA)</STRONG>: You're already using 2FA, which is great!</SPAN></P></LI><LI><P><SPAN><STRONG>Change default ports</STRONG>: Use non-standard ports for the VPN gateway.</SPAN></P></LI><LI><P><SPAN><STRONG>Monitor and alert</STRONG>: Set up alerts for unusual login activities.<BR /><BR />Best Regards,<BR />Sonia Lewis</SPAN></P></LI></OL> Wed, 20 Nov 2024 05:22:15 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-brute-force/m-p/629802#M6137 sonia598lewis 2024-11-20T05:22:15Z