01-24-2025 01:23 AM
I know that this topic was discussed 100X times about GlobalProtect bruteforce.
Is it possible to set up a GlobalProtect policy in a way that, if a user is not part of any AD group, then no AD/LDAP authentication is being triggered to the internal AD?
We are seeing bruteforce attempts with non-existing AD users and we want to limit this.
Br, Luka
01-25-2025 08:52 PM
This isn't a possibility in PAN-OS at the moment. PAN-OS will always attempt to authenticate the user provided and then validate that user against the allow list if the authentication was successful.
You could automate blocking any IP address that attempts to log in with an invalid username easily, before waiting for a bruteforce to actually be identified. I'd personally have some logic to validate that the IP address isn't in the list of the current or previous users for the gateways prior to blocking it though; people have sausage fingers and you'd need a bit of logic to prevent blocking legitimate users who just mistype their username.
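The blocking logic described in the reply above, as an added example that is not part of this thread and not a Palo Alto tool: it reads constructed auth events (the CSV layout, field names and `auth-ok`/`auth-fail` values are assumptions, not the real PAN-OS log format), counts failures per source IP that used usernames absent from a directory list, and skips any IP already tied to a successful or previously known user so that a mistyped username does not get a legitimate user blocked.

```python
import csv
import io
from collections import defaultdict

# Constructed sample events (not real PAN-OS log output).
# Columns: timestamp, event, source IP, username as typed by the client.
SAMPLE_LOG = """\
2025-01-24T01:00:01,auth-fail,203.0.113.5,admin
2025-01-24T01:00:02,auth-fail,203.0.113.5,test
2025-01-24T01:00:03,auth-fail,203.0.113.5,guest
2025-01-24T01:00:04,auth-fail,203.0.113.5,root
2025-01-24T01:05:00,auth-fail,198.51.100.7,jsmtih
2025-01-24T01:05:20,auth-ok,198.51.100.7,jsmith
2025-01-24T01:06:00,auth-fail,192.0.2.9,backup
2025-01-24T01:06:01,auth-fail,192.0.2.9,oracle
2025-01-24T01:06:02,auth-fail,192.0.2.9,svc
"""

KNOWN_USERS = {"jsmith", "lnovak"}    # constructed: accounts that exist in the directory
RECENT_USER_IPS = {"192.0.2.9"}       # constructed: IPs seen on earlier good logins (e.g. office NAT)
THRESHOLD = 3                         # distinct unknown usernames from one IP before it is flagged


def parse_events(text):
    """Parse the constructed CSV into (timestamp, event, ip, username) tuples."""
    return [tuple(row) for row in csv.reader(io.StringIO(text))]


def block_candidates(events, known_users, recent_user_ips, threshold=THRESHOLD):
    """Return sorted IPs that tried >= threshold usernames not in the directory,
    excluding IPs belonging to current or previous legitimate users."""
    unknown_by_ip = defaultdict(set)
    trusted_ips = set(recent_user_ips)
    for _ts, event, ip, user in events:
        if event == "auth-ok":
            trusted_ips.add(ip)           # a successful login proves a real user is behind this IP
        elif event == "auth-fail" and user not in known_users:
            unknown_by_ip[ip].add(user)   # distinct names, so one repeated typo counts once
    return sorted(ip for ip, users in unknown_by_ip.items()
                  if len(users) >= threshold and ip not in trusted_ips)


if __name__ == "__main__":
    print(block_candidates(parse_events(SAMPLE_LOG), KNOWN_USERS, RECENT_USER_IPS))
```

The flagged list is what you would feed to a dynamic block list; 198.51.100.7 (typo followed by a good login) and 192.0.2.9 (an address with prior legitimate sessions) are deliberately left alone.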
01-27-2025 12:15 AM
Is there any chance to push this feature into development? Does anybody know how to report to PA to do it?