Repeated Remote Access login failures using password-only
The automation notifies on repeated Remote Access login failures using password-only authentication and blocks the source IP across all Quantum Gateways. The notification provides details about the users, the number of failures and more. You can set automation parameters such as the login-failure threshold, the block duration, and whether the block is automatic or requires an administrator's approval.
Supported Product
Check Point Security Management Server (Quantum)
Parameters
Block source IP of repeated login failures | Select the checkbox to block the source IP of repeated login failures.
Admin's approval is required for blocking source IP | Select the checkbox if admin's approval is required for blocking source IP.
IP block duration | Set the IP block duration.
Trigger automation upon minimal number of login failures | Set the minimal number of login failures to trigger the automation.
Trigger automation upon repeated login failures in time duration | Set the time duration to count the login failures.
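How the parameters above interact can be sketched as a sliding-window counter per source IP. This is an added example, not Check Point's code: the `Policy` field names, the event tuple layout, the `auth_method` values, the reset-after-trigger behavior, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Policy:                    # hypothetical names mirroring the parameters above
    min_failures: int = 5        # minimal number of login failures
    window_s: int = 300          # time duration in which failures are counted
    block_s: int = 3600          # IP block duration
    block_enabled: bool = True   # "Block source IP" checkbox
    need_approval: bool = False  # "Admin's approval is required" checkbox

def evaluate(events, policy):
    """events: time-ordered (epoch_s, src_ip, user, auth_method, success) tuples."""
    recent = defaultdict(deque)  # src_ip -> (ts, user) failures still inside the window
    blocked_until, actions = {}, []
    for ts, ip, user, method, ok in events:
        if ok or method != "password":      # only password-only failures count
            continue
        if blocked_until.get(ip, 0) > ts:   # block still active, nothing new to decide
            continue
        q = recent[ip]
        q.append((ts, user))
        while q[0][0] <= ts - policy.window_s:  # expire failures older than the window
            q.popleft()
        if len(q) < policy.min_failures:
            continue
        action = {"ip": ip, "at": ts, "failures": len(q),
                  "users": sorted({u for _, u in q})}
        if not policy.block_enabled:
            action["decision"] = "notify"
        elif policy.need_approval:
            action["decision"] = "pending_approval"
        else:
            action["decision"] = "block"
            action["until"] = blocked_until[ip] = ts + policy.block_s
        q.clear()                # assumption: restart counting after each trigger
        actions.append(action)
    return actions

# Constructed sample events (documentation-range IPs, invented users).
SAMPLE = [
    (1000, "203.0.113.7", "alice", "password", False),
    (1030, "203.0.113.7", "bob", "password", False),
    (1060, "203.0.113.7", "alice", "password", False),
    (1070, "198.51.100.20", "carol", "password", False),
    (1075, "198.51.100.20", "carol", "password", True),
    (1090, "203.0.113.7", "dave", "password", False),
    (1100, "203.0.113.7", "alice", "certificate", False),
    (1120, "203.0.113.7", "erin", "password", False),
    (1130, "203.0.113.7", "erin", "password", False),
]
```

With the default policy, the fifth password failure from 203.0.113.7 triggers a block; shrinking the window or requiring approval changes the outcome for the same events.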
Trigger
When there are repeated Remote Access login failures using password only.
To view the example of this log, click Run.
Flow