Too Many Created SSH/RDP Sessions
By default, there are rules created under Config > Events > Alerts to indicate when there are too many SSH or RDP sessions created. However, this is not an indication that somebody is accessing either the NG Firewall itself, or your network.
What does the alert mean?
These alerts are created when somebody is attempting to reach the device/network via those protocols, and can be determined if they are ever able too via Config > Network > Port Foward Rules, or Config > Network > Advanced > Access Rules. If neither SSH nor RDP is specified in a rule for activity, there is no way for any external connections to take place.
Have more questions? Submit a request
Please sign in to leave a comment.