We have moved away from the MOB Portal a while ago due to issue with legacy apps.  Typically the users choose Native Apps  so they could RDP to a PC inside.  Which itself led to more issues as the SNX client requires local Admin rights -- which NONE of our end users have a corporate provided device.  Everytime CP updates the FW release and changes the SNX, we get bombed with calls from remote user who can't connect despite the setting NOT to prompt to upgrade.   I have to modify SNXver.txt etc, But that is a whole other topic!   I may have to look into the MOB Portal again -- I just checked it and our OWA is still defined as a Web App.

Thanks -- Perry

You‘re right @Perry_McGrew using SNX can be terrible. It‘s better with the newer releases but I would prefer a native VPN client or the new harmony connect  Connect solution for client access. MOB will be always a nice solution for webbased application, Citrix environments and I love the ReverseProxy Feature.

Unfortunately we are not licensed for Harmony.  We have been "pushing" user to use the Check Point Capsule VPN in the Microsoft Store.  It requires no Admin access to install  I wish we could include it and the basic configuration in our corporate image.

I have ticket in on the original issue.  Waiting for TAC to respond.   Will post if they have a way to address this kind of issue,

Thx - Perry

Well, TAC responded that they have an IPS setting called "Web Login Form Password Brute Force Attempts".   It needs HTTPS Inspection enabled to be effective.  We don't have that HTTPS Inspection enabled as it causes a lot of headaches. 

I was wondering if CP allows us to define our own "Updateable Objects".   We have a tool that can capture the IPs of failed login attempts.   I was thinking we could script something that would capture this information and dynamically update via API this custom "Updateable Objects".   It would save us a from defining the IP object, adding it to the Group then publish / install.

Maybe @PhoneBoy would know???

-Perry

Thanks.  Passed that info along to a programmer who is looking into it.   What about sk132193?   It seems to be relevant only to AntiBot and AntiVirus.  

That's another option as well.
For those reading along, unless you're on R81 or above, it won't really solve the issue since it will only block the outbound connection.
In R81 and above, it will also block the inbound connection.
And yes, this requires AV/AB. 

I just finished creating the Generic Data Center Object and pointing it to a JSON file.   It works like a charm.   Programmer built a web tool that the IT staff can view, add, & delete the IPs in the list.  The list is built from a software product we use for auditing and records all login attempts.   The programmer also has built in aging criteria that will remove the IPs from the JSON file after "x" days to keep the list manageable.   I have found that most of these "attacks" stop -- either from being shut down or they move to another IP.   This really helped us as the IPS "Web Login Form Password Brute Force Attempts" requires HTTPS Inspection to work.  We just have had little luck with enabling HTTPS Inspection without it breaking something.  

-- Perry