We keep receiving alerts from XG.
Alert for SFV2C4 (SFOS 17.5.11 MR-11)
Device Information: Hostname: testvpn.myhostname.com Date/Time: 2020-05-22 12:44:45 Alert ID: 17507
Message: User '-' failed to login from '22.214.171.124' using ssh because of wrong credentials
I set up this one on the firewall, but it seems it's doing nothing.
Hi ciwan, is there any DNAT/WAF configured in the firewall? Is there any ACL configured in the firewall? Please refer to this thread - https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/118893/geoip/431682#pi2151=3
In reply to Keyur:
I don't have any DNAT, but I do have several WAFs configured in the firewall. No ACL configured. The referred thread is about RDP? What I need is to either block the whole China region or the IP range I am receiving from the email notification above.
In reply to ciwan:
Is SSH access enabled for the WAN zone from Device Access? In the firewall rule which you have created for "China", in the Source Network, select WAN instead of "ANY".
Yes, SSH access is enabled for the WAN zone from Device Access.
Changed to WAN.
I'll enable the notification again and see if I receive anything again.
Hi ciwan, I would request you to disable the SSH access for the WAN zone from Device Access; it will restrict SSH access to everyone from the WAN zone. If you want to allow a specific IP, you can create a Local ACL rule - https://community.sophos.com/kb/en-us/132814#Local%20Service%20ACL%20Exception%20Rule
Thanks. I've done that. Seems OK for now :)
Hi ciwan, we are glad that we could help. Please reach out to us for further assistance.
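To check whether a change such as disabling WAN SSH in Device Access actually stopped the alerts, the notification text can be tallied by source. This is an added example, not part of the original thread and not Sophos code; it assumes the alert wording quoted above, and the sample alerts and addresses are constructed from documentation ranges.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Pattern follows the alert text quoted in the thread; that other services
# use the same wording is an assumption.
ALERT_RE = re.compile(
    r"User '(?P<user>[^']*)' failed to login from '(?P<src>[^']+)' "
    r"using (?P<service>\w+) because of wrong credentials"
)

def parse_alerts(text):
    """Yield (user, source IP, service) for each failed-login alert."""
    for m in ALERT_RE.finditer(text):
        try:
            src = ip_address(m.group("src"))
        except ValueError:
            continue  # skip malformed or redacted addresses
        yield m.group("user"), src, m.group("service")

def summarize(text, service="ssh", prefix=24):
    """Count failed logins per source IP and per enclosing network."""
    per_ip, per_net = Counter(), Counter()
    for _user, src, svc in parse_alerts(text):
        if svc != service:
            continue
        per_ip[src] += 1
        plen = prefix if src.version == 4 else 64  # /64 for IPv6 sources
        per_net[ip_network(f"{src}/{plen}", strict=False)] += 1
    return per_ip, per_net

# Constructed sample alerts (documentation address ranges, not from the thread).
SAMPLE = """\
Message: User '-' failed to login from '203.0.113.7' using ssh because of wrong credentials
Message: User 'admin' failed to login from '203.0.113.7' using ssh because of wrong credentials
Message: User '-' failed to login from '203.0.113.200' using ssh because of wrong credentials
Message: User 'root' failed to login from '198.51.100.14' using ssh because of wrong credentials
Message: User '-' failed to login from 'not-an-ip' using ssh because of wrong credentials
"""

if __name__ == "__main__":
    ips, nets = summarize(SAMPLE)
    for net, n in nets.most_common():
        print(f"{net}\t{n} failed ssh logins")
```

Running it over alerts collected before and after the Device Access change shows whether any source is still reaching the SSH service from the WAN zone.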