Block specific WAN IP address from accessing all of the LAN

Hello All,

Yesterday my firewall started triggering IPS alerts, 8 in total. I see a specific WAN IP address in the report that I want to completely block. I have read a couple of older discussions but nothing fully helped me. I have already created this firewall rule:

Source zone : WAN

Source networks and devices : (The IP i want to block)

During scheduled time : All the time

Destination zones : LAN

Destination networks : Any

Services : Any

I placed this rule on top, and it does not seem to work.

I have already read this article: https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/FirewallRules/FirewallRulesBlackHoleDNATRuleCreate/index.html

Before I do it, I just want to know how to properly configure it (DNAT black hole) so as not to interrupt production. I run a lot of firewall rules (one for each VLAN I want to allow to access the web), and each firewall rule is attached to one SNAT. I'm not sure how to configure a DNAT black hole: do I need to create a new firewall rule with the DNAT rule attached, or do I just create a new NAT rule and place it at the bottom (as in the link I posted)? I'm not sure how the firewall processes the NAT rules.

Thanks in advance for any help.

Edited TAGs
[edited by: Erick Jan at 2:07 PM (GMT -8) on 29 Feb 2024]