topic Re: Brute-Force Attack on Check Point Mobile VPN: Multiple IPs and Fake Usernames in General Topics https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/255406#M42938 <P>No&nbsp;<A href="https://support.checkpoint.com/results/sk/sk105740" target="_blank">https://support.checkpoint.com/results/sk/sk105740</A></P> Tue, 19 Aug 2025 11:27:17 GMT CheckPointerXL 2025-08-19T11:27:17Z Brute-Force Attack on Check Point Mobile VPN: Multiple IPs and Fake Usernames https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253937#M42652 <P>I am experiencing a brute-force attack on my Check Point Mobile VPN access. The issue is that attackers are using a different IP address and username with each attempt, making it challenging to block them effectively. As shown in the second image, one IP (7.105.26.94.tbcg (94.26.105.7)) and username (zhall) were used only twice today, while the first image highlights the variety of IPs and usernames involved. I have SmartEvent Automatic Reaction configured, but the problem persists. Note that the usernames being used are not real usernames. I need advice on how to mitigate this.</P><DIV class="">&nbsp;</DIV><P>&nbsp;</P> Fri, 25 Jul 2025 09:03:04 GMT https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253937#M42652 SubZer0 2025-07-25T09:03:04Z Re: Brute-Force Attack on Check Point Mobile VPN: Multiple IPs and Fake Usernames https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253960#M42655 <P>There is no better way now to block this, as far as I know. This is part of having a portal with username / password that is accessible from the internet.</P> <P>The only thing I can recommend is to make sure fw is up to date. Have a good password policy and use 2FA.&nbsp;</P> <P>You can consider implementing geo protection, block some countries you don't have business with, this is not a solid solution but atleast decrease the amount of attacks.&nbsp;</P> Fri, 25 Jul 2025 12:39:27 GMT https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253960#M42655 Lesley 2025-07-25T12:39:27Z Re: Brute-Force Attack on Check Point Mobile VPN: Multiple IPs and Fake Usernames https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253967#M42657 <P>In SmartEvent is an option where you can block automatically after too many failed logins in a specified time frame.</P> Fri, 25 Jul 2025 14:08:36 GMT https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253967#M42657 D_W 2025-07-25T14:08:36Z Re: Brute-Force Attack on Check Point Mobile VPN: Multiple IPs and Fake Usernames https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253970#M42658 <P>Uhh that was this option was posted by the starter of this topic</P> Fri, 25 Jul 2025 14:18:51 GMT https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253970#M42658 Lesley 2025-07-25T14:18:51Z Re: Brute-Force Attack on Check Point Mobile VPN: Multiple IPs and Fake Usernames https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253971#M42659 <P>Ah right havenā€˜t read carefully enough. Interestingly that worked for us. There are other SKs as well for mulitple failed vpn logins. Depending what kind of VPN is used.</P> Fri, 25 Jul 2025 14:22:23 GMT https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253971#M42659 D_W 2025-07-25T14:22:23Z Re: Brute-Force Attack on Check Point Mobile VPN: Multiple IPs and Fake Usernames https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253972#M42660 <P>Geo protection does not work in this case because of implied rules; you'd have to look at using&nbsp;DOS/Rate Limiting Policy for that.</P> Fri, 25 Jul 2025 15:56:01 GMT https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/253972#M42660 CaseyB 2025-07-25T15:56:01Z Re: Brute-Force Attack on Check Point Mobile VPN: Multiple IPs and Fake Usernames https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/255406#M42938 <P>No&nbsp;<A href="https://support.checkpoint.com/results/sk/sk105740" target="_blank">https://support.checkpoint.com/results/sk/sk105740</A></P> Tue, 19 Aug 2025 11:27:17 GMT https://community.checkpoint.com/t5/General-Topics/Brute-Force-Attack-on-Check-Point-Mobile-VPN-Multiple-IPs-and/m-p/255406#M42938 CheckPointerXL 2025-08-19T11:27:17Z