Hi to everyone, I'm opening this thread because I have a question and your advice would really be helpful.
Is there a way to block access to the webvpn portal in Cisco FMC/FTD? We have recently been receiving login attempts with different users that do not belong to us and everything points to it being a brute force attack.
Tests performed:
1) Connection events. Nothing showed.
2) Logs in the console, but they are too many and not very readable.
3) Capture of traffic with packet capture and Unified events in real time. Too many TCP/UDP sessions and it's impossible to track correctly.
4) Block everything and allow only the public IPs of the workers. It is not possible because the ISPs change the public IPs every so often (even weeks).
I have been told in other forums that it is not possible to filter because if the webvpn platform is raised from the same interface of the Firewall with a public IP, it becomes control plane and not data plane, and these geolocation ACLs don't filter that traffic.
Any help or advice is welcome.
Greetings,
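
Added example, not part of the original post or any Cisco tooling: one way to make the exported syslog readable is to keep only the authentication rejections and group them by source IP, flagging sources that fail against several different usernames. The message layout, the `summarize` function and its thresholds are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines using documentation IP ranges. The message layout
# is an assumption modeled on AAA rejection syslogs; adapt the regex to the
# exact text your FTD exports.
SAMPLE_LOG = """\
Jan 10 08:00:01 fw01 %FTD-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = admin : user IP = 203.0.113.7
Jan 10 08:00:03 fw01 %FTD-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = test : user IP = 203.0.113.7
Jan 10 08:00:04 fw01 %FTD-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.7/51000 to identity:192.0.2.1/443
Jan 10 08:00:05 fw01 %FTD-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = jsmith : user IP = 203.0.113.7
Jan 10 08:00:09 fw01 %FTD-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = vpnuser : user IP = 203.0.113.7
Jan 10 08:14:30 fw01 %FTD-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = jdoe : user IP = 198.51.100.20
"""

# Pull the reason, username and client IP out of a rejection message.
REJECT_RE = re.compile(
    r"AAA user authentication Rejected\s*:\s*reason = (?P<reason>[^:]+?)\s*:"
    r".*?user = (?P<user>\S+)\s*:\s*user IP = (?P<ip>[0-9a-fA-F.:]+)"
)


def summarize(log_text, min_failures=3, min_users=2):
    """Return {ip: (failures, distinct_usernames)} for sources that fail
    at least min_failures times across at least min_users usernames."""
    failures = defaultdict(int)
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # connection events and other noise are skipped
        ip = m.group("ip")
        failures[ip] += 1
        users[ip].add(m.group("user"))
    return {
        ip: (failures[ip], len(users[ip]))
        for ip in failures
        if failures[ip] >= min_failures and len(users[ip]) >= min_users
    }


if __name__ == "__main__":
    for ip, (count, distinct) in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {count} rejected logins across {distinct} usernames")
```

A single mistyped password from a worker stays below the thresholds, while one address cycling through usernames stands out.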