Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

FW-Rules not working to restrict VPN-Portal?

Hi there,

since some days, we encounter Bruteforce-Attacks against our Mainfirewall (Sophos XGS):

Access from IP address '92.53.xxx.xxx' is blocked for '30' minutes after '5' unsuccessful login attempts

I've tried to block all requests from this IP with a Deny/Reject-Firewall on the Top of our ruleset; but i still got mails with this login-attempts.
The rule was a simple "From WAN, IP-address to ANY Zone/Network, reject/block ANY Port". The States/Traffic-Count on the rule resides at 0 after some minutes (and mails from Sophos, that a IP was banned for some minutes).

So my question is: The access to the VPN-Portal is not limited by the firewall-ruleset?

We don't need the VPN-Portal available via external access and tried to deactivate ist - but then, our clients can't connect anymore via Sophos Connect.

Thanks in advance,



Edited TAGs
[edited by: Erick Jan at 11:59 PM (GMT -7) on 1 Oct 2024]
Parents Reply Children
No Data