Netgate Discussion Forum

    Failed Login Alerts via e-mail notification

      Visseroth

      This is a feature that would notify if someone is trying to break into the firewall if there are too many failed login attempts within x amount of seconds.
      For those running multiple firewalls at multiple locations this would be EXTREMELY handy because having the firewall push syslogs to a central site just isn't practical unless those logs are also being filtered.
      My thought was that this would include Web GUI and SSH failed login attempts.
      Heck, if you could just set, "If you see this string then execute this action", that would even work. Because then the notifications could be customized for all sorts of stuff! Downed link(s), errors, etc.

      Thoughts? Anyone willing to donate? I am! I'm not rich but I'd be willing to send $50+
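
The check requested in the post above ("too many failed login attempts within x amount of seconds", covering Web GUI and SSH), as an added example that is not part of the original post and is not pfSense code. The two log message formats, the sample lines, the addresses and all function names are assumptions made for illustration; match the patterns to what your own firewall actually logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from email.message import EmailMessage

# Assumed message formats (not taken from the thread); adjust to your own logs.
PATTERNS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)"),
    "webgui": re.compile(r"webConfigurator authentication error for user '[^']*' from: (\S+)"),
}
# Constructed sample lines (documentation-range addresses, hypothetical host fw1).
SAMPLE = [
    "Mar 14 10:15:01 fw1 sshd[4121]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "Mar 14 10:15:09 fw1 php-fpm[311]: /index.php: webConfigurator authentication error for user 'admin' from: 203.0.113.7",
    "Mar 14 10:15:20 fw1 sshd[4125]: Failed password for invalid user test from 203.0.113.7 port 50140 ssh2",
    "Mar 14 10:16:00 fw1 sshd[4130]: Failed password for admin from 198.51.100.9 port 40000 ssh2",
    "Mar 14 10:20:00 fw1 sshd[4140]: Failed password for admin from 198.51.100.9 port 40001 ssh2",
    "Mar 14 10:20:05 fw1 php-fpm[311]: /index.php: Successful login for user 'admin' from: 192.0.2.10",
]

def parse(line, year=2025):
    """Return (timestamp, service, source_ip) for a failed login, else None."""
    for service, rx in PATTERNS.items():
        m = rx.search(line)
        if m:  # BSD syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            return ts, service, m.group(1)

def detect(lines, max_failures=3, window_seconds=60):
    """Return one alert per burst of max_failures failures from one IP in the window."""
    recent, alerts = defaultdict(deque), []
    for ts, service, ip in filter(None, map(parse, lines)):
        q = recent[ip]
        q.append((ts, service))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that fell out of the sliding window
        if len(q) >= max_failures:
            alerts.append({"ip": ip, "count": len(q), "last": ts,
                           "services": sorted({s for _, s in q})})
            q.clear()  # re-arm: the next alert needs a fresh burst
    return alerts

def to_email(alert, sender, recipient):
    """Build (not send) the notification; hand it to smtplib.SMTP.send_message."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"{alert['count']} failed logins from {alert['ip']}"
    msg.set_content(f"Services: {', '.join(alert['services'])}\nLast attempt: {alert['last']}")
    return msg
```

Counting per source address across both services means a client that alternates between SSH and the Web GUI still trips the threshold, and clearing the queue after each alert keeps one burst from producing a mail per additional failure.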

        haddock

        Any sensible user would firewall down management of the firewall to start with.

        In my world centralized syslog with triggers/filters would be the way to go. I can recommend the ELK-stack to solve that.

          Visseroth

          I completely agree, on an enterprise or network where there is always IT staff, but the firewalls I have in place are managed by me, I'm a 1 man crew 99% of the time managing multiple small networks which don't have syslog servers.

            haddock

            Well, even a 1 man army can register a dynamic DNS.

            Here, have a free tip on me:

            Register a free dyndns service of your choice (I can recommend https://freedns.afraid.org/ ).

            Create an alias in each of your managed pfsense installs with the FQDN of your DNS.

            Create a firewall rule to allow external management of your firewalls using your newly created alias as source address.

            Delete any other external management rules that you may have created.

            Now configure the site where you spend most of your time to update your dyndns record.

            If you are on any other site and need to manage any of the pfsense installs, VPN to your primary site (either push default route there, or just push routes to your managed firewalls.)

            Boom! A much more secure setup and no more failed login attempts.

              jimp Rebel Alliance Developer Netgate

              As others have said, do not expose the GUI and SSH to the world – ssh may be OK using key-based auth, not password auth, but even so it's best to use a VPN.

              While knowing about failed login attempts is good, being reactionary to that is bad. The system will automatically shut out bad attempts from an IP address after a few failures, but it's best not to expose it at all. Using a distributed system it could still be possible for someone to brute force things, especially if you use weak passwords.

              Spend a couple moments per site to set up a proper VPN that you can use to remote in and manage and you'll be much better off. DynDNS filtering for a rule is OK but not as secure as a VPN.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

                dcol Banned

                It would be nice if we were notified about anything. There is no documentation anywhere stating which alerts trigger an email. Also, there should be a GUI letting us choose which alerts to turn on/off, if there are any.

                  jimp Rebel Alliance Developer Netgate

                  Please keep your posts in a single, relevant thread. Spamming across a half dozen threads is not going to win anyone over. Locking this.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.