You do not even need to do a super large list. If you can, block Russia, Ukraine, China, Nigeria (and other parts of Africa), N. Korea and Iran. You will see your login attempts instantly drop off.
Also note that if using authentication rules, you will need to lock this down to the specific geo objects as well. Otherwise it overrides the geo setting on the main SSL-VPN settings.
We just erased the login page for SSL-VPN and changed the port and all stopped instantly. If they have your HTML from your SSL-VPN page, just erasing the HTML won't work. They already have the HTML on their system to brute force with. Screenshot below.
Ah nice, will take a look at this, thanks.
Many failed attempts may lock an account, assuming they’re using a valid account. OP doesn’t use common account names, good, but uses common SSL VPN FQDN, bad.
+1 on the geoblock. We block the top 10 countries for this sort of activity.
Well, from the Software Dev side, error handling is the least tested part of anyone’s code. So there are situations where you can cause memory/handle/thread leaks if you hit someone’s error handling hard enough. In this case, if it’s a new/unknown bug, it could open up an opportunity to pwn the whole firewall, or to just allow malicious traffic through depending on how things go down. So minimizing (where possible) the error handling code getting kicked in is always a good thing.
Glad to know it isn’t just my setup then, agree it’s very annoying.
Using a non-standard port makes you lose one of the biggest advantages of SSL-VPN: the fact that it goes over TCP/443 by default.
Yeah, you should be able to go into SSL VPN Settings > Restrict Access and add a GEO address there.
To create the address, just go to Policy and Objects > Addresses > Create New > change subnet to Geography and create whatever country.
Do you know what versions of FortiOS support this?
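A CLI sketch of the geo restriction described in the thread above, covering both the main SSL-VPN setting and the authentication-rule caveat. This is an added example, not posted by any participant; the address name, country code, group and portal names are constructed placeholders.

```text
# Added example: GEO-ALLOW-1, vpn-users, full-access and the country
# code are constructed placeholders, not values from the thread.
config firewall address
    edit "GEO-ALLOW-1"
        set type geography
        set country "US"
    next
end

# Main SSL-VPN restriction (GUI: SSL VPN Settings > Restrict Access).
config vpn ssl settings
    set source-address "GEO-ALLOW-1"
    # disable = only the listed objects may connect;
    # enable  = the listed objects are treated as a block list.
    set source-address-negate disable

    # An authentication rule carries its own source-address, so the
    # same geo object is set here as well.
    config authentication-rule
        edit 1
            set groups "vpn-users"
            set portal "full-access"
            set source-address "GEO-ALLOW-1"
            set source-address-negate disable
        next
    end
end
```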