https://live.paloaltonetworks.com/t5/general-topics/best-way-to-prevent-brute-force-attacks-ldap-on-public-facing/m-p/147680#M49416 <P>We are using Server 2012r2 RDS gateway&nbsp;and have the PA configured to with a security policy to allow the untrusted traffic (ssl, rds, http) &nbsp;that is NATed to the internal rds gateway. &nbsp; We are seeing a lot of failed audits in the logs on the terminal server. &nbsp;What is the best way to prevent brute force attacks for logins to Active Directory?</P> Tue, 14 Mar 2017 17:09:57 GMT Ebernardo 2017-03-14T17:09:57Z https://live.paloaltonetworks.com/t5/general-topics/best-way-to-prevent-brute-force-attacks-ldap-on-public-facing/m-p/147680#M49416 <P>We are using Server 2012r2 RDS gateway&nbsp;and have the PA configured to with a security policy to allow the untrusted traffic (ssl, rds, http) &nbsp;that is NATed to the internal rds gateway. &nbsp; We are seeing a lot of failed audits in the logs on the terminal server. &nbsp;What is the best way to prevent brute force attacks for logins to Active Directory?</P> Tue, 14 Mar 2017 17:09:57 GMT https://live.paloaltonetworks.com/t5/general-topics/best-way-to-prevent-brute-force-attacks-ldap-on-public-facing/m-p/147680#M49416 Ebernardo 2017-03-14T17:09:57Z https://live.paloaltonetworks.com/t5/general-topics/best-way-to-prevent-brute-force-attacks-ldap-on-public-facing/m-p/147720#M49421 <P>Ideally you would setup a DoS classified profile and set the limits that you feel are required.</P><P>Just as a side note though there are plenty of products and open source projects that could be setup to read your failed login attempts and once they pass a set threshold feed into a list that you could use as an EBL on the firewall to build a security policy. Just a thought.&nbsp;</P> Tue, 14 Mar 2017 19:23:08 GMT https://live.paloaltonetworks.com/t5/general-topics/best-way-to-prevent-brute-force-attacks-ldap-on-public-facing/m-p/147720#M49421 BPry 2017-03-14T19:23:08Z