Log Message Reference

10000017


Meaning
Someone attempted to log in to a FortiWeb administrator account, but failed.

Solution

If you suspect that an unauthorized person is attempting to log in to your FortiWeb, there are some preventative measures that you can take.

Restrict physical access to the FortiWeb to ensure that only authorized persons can attach a console or computer to the appliance’s local console port.

Configure all administrator accounts with trusted IPs that restrict login attempts to ones that originate only from your trusted, physically secured, private administrative network. Do not allow login attempts from hostile or untrusted IP addresses. If any administrator account uses a broad trusted IP definition such as 0.0.0.0/0.0.0.0, then due to that account, FortiWeb must allow login attempts from all IP addresses, including the Internet. Brute force login attempts are then a significant risk.

Enable strong password enforcement. Passwords must be sufficiently long and use enough character types to make brute force login attempts impractically slow.

Require regular password changes.

Enable only secure administrative protocols (SSH and HTTPS) on network interfaces. Insecure protocols such as HTTP and Telnet are easily susceptible to eavesdropping, man-in-the-middle, and other attacks that could compromise your connection, your password, or both.

Field name: Description

ID (log_id): 10000017 (see Log ID numbers)
Sub Type (subtype): admin (see Subtypes)
Level (pri): alert (see Priority level)
User (user): <administrator_name>
User Interface (ui): {GUI(<mgmt_ip>) | telnet(<mgmt_ip>) | ssh(<mgmt_ip>) | console}
Action (action): login
Status (status): failure
Message (msg): User <administrator_name> login failed from {GUI(<mgmt_ip>) | telnet(<mgmt_ip>) | ssh(<mgmt_ip>) | console}

Examples

date=2014-04-10 time=18:11:53 log_id=10000017 msg_id=000000195892 device_id=FV-1KD3A13800012 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" type=event subtype="system" pri=alert trigger_policy="" user=a ui=GUI action=login status=failed msg="User a login failed from GUI(172.22.6.240)"
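
The following detection sketch is an added example, not Fortinet code: it parses event log lines in the format shown above, selects log_id 10000017, and reports failed administrator logins that come from outside a trusted network or arrive in bursts. It keys on log_id and the msg text because the example line carries status=failed and ui=GUI where the field table lists failure and GUI(<mgmt_ip>). The trusted network, threshold, window and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values for illustration; replace with your own.
TRUSTED_NET = ipaddress.ip_network("10.0.50.0/24")  # administrative network
THRESHOLD, WINDOW = 5, timedelta(minutes=5)         # failures per source per window
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')    # key=value or key="quoted value"
SRC_RE = re.compile(r"login failed from (\w+)(?:\(([^)]+)\))?")

def parse_line(line):
    """Split one event log line into a dict of its key=value fields."""
    return {k: quoted or bare for k, quoted, bare in KV_RE.findall(line)}

def failed_logins(lines):
    """Yield (timestamp, user, interface, source_ip_or_None) for log_id 10000017."""
    for line in lines:
        f = parse_line(line)
        # The source address is read from msg, since ui may hold only the interface.
        m = SRC_RE.search(f.get("msg", ""))
        if f.get("log_id") != "10000017" or not m or "date" not in f or "time" not in f:
            continue
        ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
        yield ts, f.get("user", ""), m.group(1), m.group(2)

def findings(lines):
    """Return (untrusted source IPs, sources with >= THRESHOLD failures in WINDOW)."""
    by_src, untrusted, bursts = defaultdict(list), set(), set()
    for ts, _user, iface, ip in failed_logins(lines):
        by_src[ip or iface].append(ts)  # console failures carry no IP
        if ip and ipaddress.ip_address(ip) not in TRUSTED_NET:
            untrusted.add(ip)
    for src, s in by_src.items():
        s.sort()
        if any(s[i + THRESHOLD - 1] - s[i] <= WINDOW for i in range(len(s) - THRESHOLD + 1)):
            bursts.add(src)
    return untrusted, bursts

def sample(time, user, src):
    """Build a constructed sample line in the page's log format."""
    return (f"date=2014-04-10 time={time} log_id=10000017 type=event pri=alert "
            f'user={user} action=login status=failed msg="User {user} login failed from {src}"')

# Constructed input: a burst from a documentation-range address, two isolated
# failures, and one unrelated line with a placeholder log_id.
SAMPLE = [sample(f"18:11:{i * 10:02d}", "admin", "GUI(203.0.113.9)") for i in range(5)]
SAMPLE += [sample("18:20:00", "admin", "ssh(10.0.50.7)"), sample("18:21:00", "admin", "console"),
           'date=2014-04-10 time=18:22:00 log_id=00000000 msg="unrelated event"']

if __name__ == "__main__":
    print(findings(SAMPLE))
```
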
