Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience.
11-09-2023 03:52 PM
I've just recently started getting blasted with Global Protect portal pre-login failures, coming from a bunch of illegitimate IP's. They all fail because I use certificate authentication and the client cert is not present on the attacker's device. I have have the NGF set up to email me every time this happens and I'm getting just blasted with emails. I only use Global Protect for remote management.
See screenshot of some of the IP's attempting to gain access. I keep blocking IP's but then the attacker uses new ones.
My question is, is there a way to automatically block IP's after a certain number of Global Protect pre-login failures?
Thanks!
