Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block Specific WAN IP address to acces all the LAN

Hello All,

Yesterday my Firewall start trigger IPS alerts, 8 in totals. I see a specific WAN IP address in the rapport i want to completely block. I have read couple older disscution but nothing fully help me. I have already do this firewall rule:

Source zone : WAN

Source networks and devices : (The IP i want to block)

During scheduled time : All the time

Destination zones : LAN

Destination networks : Any

Services : Any

I place this rule on top. And it not seem to work

I have already read this article : https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/FirewallRules/FirewallRulesBlackHoleDNATRuleCreate/index.html Before i dot it i just wanna know how to proprely configure it (DNAT black hole) to not interup the production. I run a lot of firewall rule (one for each vlan i want to accces the web) and each firewall rule is attach to one SNAT. Im not sur how to configure a DNAT black hole, do i need to create a new firewall rule with the DNAT rule attach or i juste create a new NAT rule and place it at the bottom (like the link i post). Im not sur how the firewall proccess the NAT rule.

Thanks in advance for any help.

 



This thread was automatically locked due to age.
  • Hi gouellet,

    For blocking a specific WAN IP accessing your LAN, you may create a block/drop Firewall Rule on top of the Policy.

    Regarding the DNAT black hole without creating an FW Rule, it’s used for dropping unwanted traffic without sending any response back from the sender/unwanted source. 

    Since you've placed the DNAT on top, I recommend checking the log viewer and packet capture to analyze the traffic and logs further.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.