Failed Authentication

Failed Authentication

The Failed Authentication console displays instances in which users attempted to connect to the server but were unsuccessful. Depending on the Time Display setting, the console will display instances from the last 5 minutes, 1 hour, or 24 hours. The results can be sorted by the number of instances a given user attempted to log in.

By double-clicking on any of the entries on the main Failed Authentication console, a drill down view appears, displaying more detailed information on that user’s authentication attempts, including the date and time of each login attempt, the message explaining the reason each authentication failed e.g. a mismatched password, and the source IP address.

This console can be filtered by Destination, Login Type, Result, Source, Type, and User. For more on filters, seeĀ Filtering options.

Only FortiGate models 100D and above support the 24 hour historical data.

 

Scenario: Investigating a user’s failed authentication attempts

The Failed Authentications console can be used to access information on individual users and their unsuccessful attempts to access the network. In this scenario, an administrator investigates a user’s multiple attempts via the console’s drill down capability.

1. Go to FortiView > Failed Authentication to access the Failed Authentication console.

2. Select the Failed Attempts column header to sort the entries by number of attempts.

3. Double-click the top entry to drill down to more detailed information on attempts made by the user with the highest number of attempts.

This entry was posted in FortiOS 5.4 Handbook and tagged , , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.