07-07-2024 11:50 PM - edited 07-11-2024 03:09 AM
Hello everybody
could someone help me with the following question
How to block the user in global protect if you enter the wrong user several times?
I would like to know if there is a way to block a user for a certain amount of time if you enter the wrong credentials, is it possible?
Regards
07-11-2024 06:43 AM
What are you using as a user directory and how are you authenticating the user? If your using something like Active Directory via RADIUS, you could implement this via an account lock-out policy upon a specified number of failed login attempts. Just be mindful that someone could utilize your gateway to lock out users in your environment. You can specify a lock-out duration so that you don't need to manually unlock the account if you wish as well.
Likewise you could follow https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJ2CAK to setup automatic IP blocking for a specified duration as well whenever the firewall itself detects a brute force attack.
I'm partial to using the API to analyze this sort of activity because it allows more flexibility and custom response handling (like cross-comparing information sources to verify whether or not it's actually a user who's simply forgot their credentials). This has the added benefit of being able to quarantine the endpoint itself so that it can't login regardless of the IP address that it's attempting to login from once you want to restrict it programmatically.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
