Hi everyone, I would like to do some configuration for users who are connecting to organization through VPN. When they are connecting to the enterprise from their home they should approve this by email that connection is going to be established from their side if it is going to be fraud or smth firewall or graylog should reject this connection .
Thanks for help.
Hrmmm. Bending Graylog to do a kind of 2FA… Personally I would look at something like Duo Security which would be far more reliable. Graylog isn’t set up by default to reject connections but if you can script your VPN to close a connection, with Alert criteria, you could fire off a script to disconnect the session. You would need enterprise licensing to allow scripting…
Really feels like a square peg though.
1 Like
Hello,
I agree with @tmacgbay Don’t think graylog itself can achieve this. BUT if Graylog is connected to AD DC its possible to create a GPO.
Just a thought… if you put Graylog-Server behind a Gateway server you can control this environment much better 
As for a firewall iptables to can drop connection with ipv4 or ipv6 range. We use DUO a lot and works great.
2 Likes
Thanks for recommendations I think I am as well is going to use something like DUO.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.