Too Many Created SSH/RDP Sessions

By default, there are rules created under Config > Events > Alerts to indicate when there are too many SSH or RDP sessions created. However, this is not an indication that somebody is accessing either the NGFW itself, or your network. These alerts are created when somebody is attempting to reach the device/network via those protocols, and can be determined if they are ever able too via Config > Network > Port Foward Rules, or Config > Network > Advanced > Access Rules. If neither SSH nor RDP is specified in a rule for activity, there is no way for any external connections to take place. 

mceclip0.png

Follow
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk