Is there something like fail2ban for teh FVS336Gv3?
We run an asterisk PBX behind the FVS336Gv3. We have remote users who need to connect to the pbx, so SIP traffic is routed through the FVS336Gv3 to the PBX. There are lots of scanners out there that try brute force attacks on different extensions. Because we have strong passwords, theses attacks fail, but the pbx log is full of them. Is there a way to ban an IP address dynamically at the FVS336, after 20 attempts to connect within a fice seconds or something similar?
Thank you
Model: FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
You may want to try to create a LAN WAN Inbound Rule to block the services from the IP addresses to which the attacks would come from. Kindly read pages 230-233 of the FVS336Gv3 reference manual here about adding an IPv4 LAN WAN Inbound Rule.
Re: Is there something like fail2ban for teh FVS336Gv3?
Dane,
Thanks for your responce. I should have mentioned in my original post that I have made these rules manually, but as soon as I block on IP or group of IPs, another one pops up. So what I really would like to do is to have a dynamic inbound rule, that kicks in on any IP according to parameters that I would set, for instance twenty attempts within five seconds. The ban could either expire after a set period of time, like an hour, or I could clear it out every week or so. Do you know of any way to do that?
It seems that there is no option on the FVS336Gv3 settings to configure exactly the way you have described. Kindly try the following:
1. On the web-GUI of the FVS336Gv3, go to Security > Firewall > Attack Checks. Check the following boxes: Enable Stealth Mode, Block TCP Flood and Block UDP Flood. As reference, kindly read pages 268-270 of the FVS336Gv3 reference manual here about Manage Protection Against Common Network Attacks.
2. On the web-GUI of the FVS336Gv3, go to Security > Firewall > Session Limit. Then, set the liimits for IPv4 Sessions. As reference, kindly read pages 274-276 of the FVS336Gv3 reference manual here about Set Limits for IPv4 Sessions.
