Hello All,
Yesterday my firewall started triggering IPS alerts, 8 in total. I see a specific WAN IP address in the report that I want to block completely. I have read a couple of older discussions, but nothing fully helped me. I have already made this firewall rule:
Source zone : WAN
Source networks and devices : (the IP I want to block)
During scheduled time : All the time
Destination zones : LAN
Destination networks : Any
Services : Any
I placed this rule at the top, and it does not seem to work.
I have already read this article: https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/FirewallRules/FirewallRulesBlackHoleDNATRuleCreate/index.html
Before I do it, I just want to know how to properly configure it (DNAT black hole) so that it does not interrupt production. I run a lot of firewall rules (one for each VLAN I want to access the web), and each firewall rule is attached to one SNAT. I'm not sure how to configure a DNAT black hole: do I need to create a new firewall rule with the DNAT rule attached, or do I just create a new NAT rule and place it at the bottom (like the link I posted)? I'm not sure how the firewall processes the NAT rules.
Thanks in advance for any help.