Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block traffic to WAF correctly

I'm struggling to block access to the WAF, I am trying to block all but Cloudflare IP ranges from accessing the WAF however there is still traffic hitting the WAF from non cloudflare IP's. If you are a non cloudflare IP then you get a forbidden page instead of an outright block.

I have tried creating a blackhole NAT Rule to try and fix this but it doesn't work.

I have my existing WAF rule that is up and working and I want to blackhole or block anything that isn't Cloudflare.
I have tried making a NAT Rule to firstly allow the Cloudflare IP's on HTTP/HTTPS, then a rule under it that does the black hole.

It doesn't work and I never see traffic hitting either of the rules. I even tried just having the blackhole and it still never logs anything against that rule.

A few years ago I did this same thing for a customer and it was so easy, maybe in v17, what am I missing?



This thread was automatically locked due to age.