09-30-2024 08:23 PM
Hi everyone,
I’ve been getting a lot of failed logins on my GP gateway from the same hostname ‘my laptop’ with different IP addresses.
Is there a way to block a hostname from accessing the GP gateway?
Thanks.
10-02-2024 11:27 AM
Hi @tinhnho ,
You can't block via hostname, but you can via IP. Are you saying that there is a user within your org that is using the same username as you and is trying to log in?
10-02-2024 01:59 PM - edited 10-02-2024 02:02 PM
Hi JayGolf,
No, no one from my organization is using the same username as me to try to log in.
There are many attempts from the same hostname 'my laptop' that use different usernames (most of the usernames are bogus) with different IP addresses. I found the URL below that mentions blocking a hostname on PAN-OS 9.1: https://origin-docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/globalprotect/network-...
I block multiple IP addresses of that specific hostname, but he always has new IP addresses every time he attempts.
If we can block a hostname, we may be able to stop these attempts. I wonder if there is a way.
10-16-2024 07:16 AM
Our org is also experiencing this. 4-5 different hostnames like "mypc" with hundreds of bogus usernames from hundreds of IPs (typically hosting providers and never residential public IPs).
If Palo doesn't have a solution, I might look into using our SIEM and creating a rule that matches traffic from the malicious hostname to our VPN IP/FQDN and dumps the malicious IPs into an existing ip-block-list EDL.
At least that way the IPs are dynamically added and blocked.
Keep me posted if you find something though!
12-03-2024 08:57 AM
Hi, I use an EDL and manually insert those bogus hostnames' IP addresses into the EDL; it helps but is time-consuming. What SIEM tool do you use? Does its rule dump malicious IPs into the EDL automatically?
A friend of mine uses a local cert issued by his company's local CA on all the laptops, and it helps. I haven't tried it yet but am looking into it.
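The SIEM-to-EDL approach discussed in this thread, as an added example that is not code from any poster or from Palo Alto Networks: it reads exported login events, keeps failed logins whose reported hostname is on a watch list, and returns a one-IP-per-line list suitable for an IP-type EDL. The JSON field names, the function name `build_edl` and the sample events are assumptions constructed for illustration; map them to whatever your SIEM actually exports.

```python
import ipaddress
import json

# Constructed sample events (not real logs). Field names are assumptions about
# how a SIEM might export GlobalProtect gateway authentication records.
SAMPLE_EVENTS = """\
{"machine_name": "my laptop", "public_ip": "203.0.113.10", "user": "admin", "status": "failure"}
{"machine_name": "MyPC ", "public_ip": "198.51.100.7", "user": "test1", "status": "failure"}
{"machine_name": "mypc", "public_ip": "198.51.100.7", "user": "scan", "status": "failure"}
{"machine_name": "HR-LT-0042", "public_ip": "192.0.2.55", "user": "jdoe", "status": "failure"}
{"machine_name": "my laptop", "public_ip": "192.0.2.200", "user": "jsmith", "status": "success"}
{"machine_name": "mypc", "public_ip": "10.1.2.3", "user": "root", "status": "failure"}
{"machine_name": "mypc", "public_ip": "not-an-ip", "user": "x", "status": "failure"}
"""

def build_edl(lines, bad_hostnames, never_block=(), existing=()):
    """Return sorted EDL entries: the existing IPs plus the sources of failed
    logins whose reported hostname is on the watch list."""
    watch = {h.strip().lower() for h in bad_hostnames}
    protected = [ipaddress.ip_network(n) for n in never_block]
    blocked = {ipaddress.ip_address(ip) for ip in existing}
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("status") != "failure":
            continue  # a successful login under this name may be a real user
        if str(ev.get("machine_name") or "").strip().lower() not in watch:
            continue
        try:
            ip = ipaddress.ip_address(str(ev.get("public_ip") or ""))
        except ValueError:
            continue  # malformed address field: skip it, do not poison the list
        if any(ip.version == net.version and ip in net for net in protected):
            continue  # never add internal or office ranges to a block list
        blocked.add(ip)
    ordered = sorted(blocked, key=lambda a: (a.version, int(a)))
    return [str(a) for a in ordered]

if __name__ == "__main__":
    entries = build_edl(SAMPLE_EVENTS.splitlines(), ["my laptop", "mypc"],
                        never_block=["10.0.0.0/8"], existing=["203.0.113.99"])
    # An IP-type EDL is a plain text file with one address per line.
    print("\n".join(entries))
```

Serve the printed list from the URL your existing ip-block-list EDL already points at, and keep `never_block` populated with your own egress ranges so a misreported event cannot lock out legitimate users.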