IPsec connection attempt

Hi BAD,

Thank you for reaching out to Sophos Community.

Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA to try to check the issue?

You may set up 1 FW rule to allow traffic that specifies the allowed users  and then create another rule below the rule position to drop the rest for accessing  IPsec Tunnel

Sorry Erick, but I dont understand you.

I dont have users... this is a S2S IPsec tunnel.

I have at the top this two rules to permit traffic between the remote net and the local net:

Thanks.

Best regards.

Hello there,

To avoid seeing this, you could create a DNAT rule to send this ip to a black hole (A fake Internal IP).

In the Firewall rule change the Source for the IPs you want to drop and select IKE services, as shown in the image above.

Then, for the NAT Rule, do the same for the Original Source; under DNAT, add a Fake IP.

After this, connections from these IPs shouldn't appear in the Log Viewer or in the charon.log.

Regards,

Hello there,

To avoid seeing this, you could create a DNAT rule to send this ip to a black hole (A fake Internal IP).

In the Firewall rule change the Source for the IPs you want to drop and select IKE services, as shown in the image above.

Then, for the NAT Rule, do the same for the Original Source; under DNAT, add a Fake IP.

After this, connections from these IPs shouldn't appear in the Log Viewer or in the charon.log.

Regards,

Thanks Emmanuel,

So, I can safely ignore the alerts?

Best regards.