FW-Rules not working to restrict VPN-Portal?

Question

Hi there, 
 since some days, we encounter Bruteforce-Attacks against our Mainfirewall (Sophos XGS): 
 
 Access from IP address '92.53.xxx.xxx' is blocked for '30' minutes after '5' unsuccessful login attempts 
 
 I've tried to block all requests from this IP with a Deny/Reject-Firewall on the Top of our ruleset; but i still got mails with this login-attempts. The rule was a simple "From WAN, IP-address to ANY Zone/Network, reject/block ANY Port". The States/Traffic-Count on the rule resides at 0 after some minutes (and mails from Sophos, that a IP was banned for some minutes). 
 
 So my question is: The access to the VPN-Portal is not limited by the firewall-ruleset? 
 We don't need the VPN-Portal available via external access and tried to deactivate ist - but then, our clients can't connect anymore via Sophos Connect. 
 Thanks in advance,

Mayur Makvana · Accepted Answer

Hello, 
 Kindly refer to the KBA for resolving the issue: RE: Disabling VPN portal breaks SSLVPN connections 
 Firewall rule does not work to limit access to VPN portal.

Mayur Makvana · Answer

Hello, 
 Please follow the recommended best practices. You may create the ACL for the specific countries if they are connecting from any known region for now. 
 Create ACL to Block IP/Country in Device Access by Creating ACL based on country 
 Enable Sign-in security settings 
 Also, our team is actively working to find other work around. Kindly have watch on development under the community link shared before.

FW-Rules not working to restrict VPN-Portal?

Top Replies