There are two options to limit admin access for these attempts.
Restrict subnets with admin ability
configuration > Admin > Permitted ips
enter the subnet ranges where legitimate admins will have as a source address
Restrict admin protocols on the interfaces
Network > Interfaces > list
edit the interfaces
Turn off webUI, ssl & ssh on interfaces where there is no need for legitimate admin access
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home------------------------------
Original Message:
Sent: 11-28-2020 08:39
From: DIDIER MARIE
Subject: Web access attempts
Hello,
Since 2 or 3 weeks, I have noticed in the logs of our Netscreen ssg5 recurring web access attempts (https). In the logs, warn: Admin user "" login attempt for Web (https) management (port 443) from xx .xx.xx.xx failed due to an incorrect client ID.
It is important to note that there was no username entered but these "" empty. Strangely, I cannot reproduce this warn message by entering an empty logging / password.
How can I avoid these access attempts?
------------------------------
DIDIER MARIE
------------------------------