• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Failed Login Alerts via e-mail notification

Scheduled Pinned Locked Moved Bounties
7 Posts 4 Posters 5.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • V
    Visseroth
    last edited by Jan 25, 2016, 11:48 AM

    This is a feature that would notify if someone is trying to break into the firewall if there are to many failed login attempts within x amount of seconds.
    For those running multiple firewalls at multiple locations this would be EXTREMELY handy because having the firewall push syslogs to a central site just isn't practical unless those logs are also being filtered.
    My thought was that this would include Web GUI and SSH failed login attempts.
    Heck, if you could just set, "If you see this string then execute this action", that would even work. Because then the notifications could be customized for all sorts of stuff! Downed link(s), errors, ect.

    Thoughts? Anyone willing to donate? I am! I'm not rich but I'd be willing to send $50+

    1 Reply Last reply Reply Quote 0
    • H
      haddock
      last edited by Jan 26, 2016, 3:51 PM

      Any sensible user would firewall down management of the firewall to start with.

      In my world centralized syslog with triggers/filters would be the way to go. I can recommend the ELK-stack to solve that.

      1 Reply Last reply Reply Quote 0
      • V
        Visseroth
        last edited by Jan 26, 2016, 4:54 PM

        I completely agree, on a enterprise or network where there is always IT staff, but the firewalls I have in place are managed by me, I'm a 1 man crew 99% of the time managing multiple small networks which don't have syslog servers.

        1 Reply Last reply Reply Quote 0
        • H
          haddock
          last edited by Feb 2, 2016, 8:57 AM

          Well, even a 1 man army can register a dynamic DNS.

          Here, have a free tip on me:

          Register a free dyndns service of your choice (I can recommend https://freedns.afraid.org/ ).

          Create an alias in each of your managed pfsense installs with the FQDN of your DNS.

          Create a firewall rule to allow external management of your firewalls using your newly created alias as source adress.

          Delete any other external management rules that you may have created.

          Now configure the site where you spend most of your time to update your dyndns record.

          If you are on any other site and need to manage any of the pfsense installs, VPN to your primary site (either push default route there, or just push routes to your managed firewalls.)

          Boom! A much more secure setup and no more failed login attempts.

          1 Reply Last reply Reply Quote 0
          • J
            jimp Rebel Alliance Developer Netgate
            last edited by Feb 2, 2016, 1:38 PM

            As others have said, do not expose the GUI and SSH to the world – ssh may be OK using key-based auth, not password auth, but even so it's best to use a VPN.

            While knowing about failed login attempts is good, being reactionary to that is bad. The system will automatically shut out bad attempts from an IP address after a few failures, but it's best not to expose it at all. Using a distributed system it could still be possible for someone to brute force things, especially if you use weak passwords.

            Spend a couple moments per site to setup a proper VPN that you can use to remote in and manage and you'll be much better off. DynDNS filtering for a rule is OK but not as secure as a VPN.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • D
              dcol Banned
              last edited by Oct 4, 2017, 3:31 PM

              It would be nice if we were notified about anything. There is no documentation anywhere stating which alerts trigger an email. Also, there should be a GUI letting us choose which alerts to turn on/off, if there are any.

              1 Reply Last reply Reply Quote 0
              • J
                jimp Rebel Alliance Developer Netgate
                last edited by Oct 4, 2017, 3:35 PM

                Please keep your posts in a single, relevant thread. Spamming across a half dozen threads is not going to win anyone over. Locking this.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  [[user:consent.lead]]
                  [[user:consent.not_received]]