網路攻擊很猖狂

最近的網路攻擊超級猖狂的，因為工作的關係，其實我已經具備一定的危機意識了。所以家裡原本就有一台 FortiGate 60D 擋在最前面，做一個基本的防護。在過去也沒什麼特別設定，但是最近 Qnap 的設備一直被攻擊，好多人珍貴的檔案都被加密了。讓我不得不重新審視家裡的網路安全。

所以過去沒特別鎖定連入 VPN 的位置與 IP ，在這次特別設定。也把 log 都打開，在第一時間就能收到警告。而資料備份三二一原則也是基本的

FortiGate 設定 VPN policy 之後沒有反應

在 GUI 介面設定完畢之後發現根本沒有作用，上網查了一下才發現...

Hi, you cannot block IPSec VPN traffic destined to the Fortigate IP itself with usual Security Rules - they only manage traffic PASSING the Fortigate from one interface to another.
To achieve that you need to use Local-in policy (viewable in GUI but editable in CLI only).
So your policy would look like (this will block ALL access from Ban_IP (only) to Fortigate, IPsec VPN, SSL VPN, Admin GUi etc. If you want to block just IPsec, set service accordingly):

REF: https://forum.fortinet.com/tm.aspx?m=188611

因為 VPN 的 Policy 沒有辦法透過 GUI 介面操作，必須要透過指令修改才會生效。

下面就是這次加上的 Policy

BAN 掉一些故意來試的

config firewall local-in-policy
  edit 1
  set intf "wan1"
  set srcaddr "Ban_IP"
  set dstaddr "all"
  set service "ALL"
  set schedule "always"
  set action deny
  set status enable
  next
end

直接鎖定只有台灣的 IP 才可以用 VPN

config firewall local-in-policy
  edit 2
  set intf "wan1"
  set srcaddr "ONLY_TAIWAN"
  set dstaddr "all"
  set service "ALL"
  set schedule "always"
  set action accept
  set status enable
  next
end

錯誤嘗試鎖定機制

config vpn ssl settings
  set login-attempt-limit 3          <----- Replace number of attempt to allow in place of x.
  set login-block-time 3600             <----- Replace number of seconds to block attempt in place of y.
end