Blocking a host name to access global protect gateway?


L3 Networker

Hi everyone,

 

I’ve been getting a lot of failed logins for my GP gateway from the same host name ‘my laptop’ with different IP addresses.

 

Is there a way to block a host name from accessing the GP gateway?

 

Thanks.

4 REPLIES

Community Team Member

Hi @tinhnho ,

 

You can't block via hostname, but you can via IP. Are you saying that there is a user within your org that is using the same username as you and is trying to log in?

LIVEcommunity team member
Stay Secure,
Jay

Hi JayGolf,

 

No, no one from my organization is using the same username as me to try to log in.

 

There are many attempts from the same hostname 'my laptop' that use different usernames (most of the usernames are bogus) with different IP addresses. I found the URL below that mentions blocking a hostname on PAN-OS 9.1: https://origin-docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/globalprotect/network-...

 

I block multiple IP addresses of that specific hostname, but he always has new IP addresses every time he attempts.

If we can block a hostname, we may be able to stop these attempts. I wonder if there is a way.

L0 Member

Our org is also experiencing this: 4-5 different hostnames like "mypc" with hundreds of bogus usernames from hundreds of IPs (typically hosting providers and never residential public IPs).

If Palo doesn't have a solution, I might look into using our SIEM and create a rule that matches traffic from the malicious hostname to our VPN IP/FQDN and dumps the malicious IPs into an existing IP block list EDL.

At least that way the IPs are dynamically added and blocked.

 

Keep me posted if you find something though!

Hi, I use an EDL and manually insert those bogus hostnames' IP addresses into the EDL; it helps but is time-consuming. What SIEM tool do you use? Does its rule dump malicious IPs into the EDL automatically?

 

A friend of mine uses a local cert issued by his company's local CA on all the laptops, and it helps. I haven't tried it yet but I'll look into it.
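
The hostname-to-EDL automation discussed in this thread, as an added example (not code from any poster or from Palo Alto Networks): it flags hostnames whose failed logins span many usernames and many source IPs, then emits those IPs one per line, the plain-text form an IP-type EDL is served in. The CSV column names, thresholds, and function names are assumptions made for this example, and the log rows are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample export; column names are assumptions, not the PAN-OS log schema.
SAMPLE_LOG = """\
time,source_ip,machine_name,user,status
2024-05-01T10:00:01,203.0.113.10,my laptop,admin,failure
2024-05-01T10:00:09,203.0.113.11,my laptop,test,failure
2024-05-01T10:00:15,198.51.100.7,my laptop,backup,failure
2024-05-01T10:00:21,198.51.100.7,my laptop,scanner,failure
2024-05-01T10:01:00,192.0.2.44,LT-FIN-0231,jsmith,failure
2024-05-01T10:01:20,192.0.2.44,LT-FIN-0231,jsmith,success
2024-05-01T10:02:00,192.0.2.80,my laptop,vpnuser,failure
2024-05-01T10:02:30,192.0.2.80,LT-HR-0102,akhan,success
"""

def build_edl(log_text, min_users=3, min_ips=2, never_block=()):
    """Return the IPs to publish, sorted, for hostnames showing the spray pattern."""
    users = defaultdict(set)   # machine_name -> usernames seen in failed logins
    ips = defaultdict(set)     # machine_name -> source IPs seen in failed logins
    good_ips = set()           # IPs with at least one successful login
    for row in csv.DictReader(io.StringIO(log_text)):
        ip = ipaddress.ip_address(row["source_ip"].strip())
        host = row["machine_name"].strip().lower()
        if row["status"].strip().lower() == "success":
            good_ips.add(ip)
        else:
            users[host].add(row["user"].strip().lower())
            ips[host].add(ip)
    protected = [ipaddress.ip_network(n) for n in never_block]
    blocked = set()
    for host, seen in ips.items():
        # Pattern from the thread: one hostname, many usernames, many IPs.
        if len(users[host]) >= min_users and len(seen) >= min_ips:
            blocked |= seen
    blocked -= good_ips  # never list an address a real user logged in from
    blocked = {ip for ip in blocked if not any(ip in net for net in protected)}
    return [str(ip) for ip in sorted(blocked, key=lambda i: (i.version, int(i)))]

def render_edl(ip_list):
    """An IP-type EDL is a plain text file with one entry per line."""
    return "".join(ip + "\n" for ip in ip_list)

if __name__ == "__main__":
    print(render_edl(build_edl(SAMPLE_LOG, never_block=["198.51.100.0/24"])), end="")
```

Excluding addresses with a successful login and the `never_block` ranges keeps a shared NAT or office egress IP off the list when a generic hostname happens to appear behind it.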
