Hi there,
since some days, we encounter Bruteforce-Attacks against our Mainfirewall (Sophos XGS):
Access from IP address '92.53.xxx.xxx' is blocked for '30' minutes after '5' unsuccessful login attempts
I've tried to block all requests from this IP with a Deny/Reject-Firewall on the Top of our ruleset; but i still got mails with this login-attempts.
The rule was a simple "From WAN, IP-address to ANY Zone/Network, reject/block ANY Port". The States/Traffic-Count on the rule resides at 0 after some minutes (and mails from Sophos, that a IP was banned for some minutes).
So my question is: The access to the VPN-Portal is not limited by the firewall-ruleset?
We don't need the VPN-Portal available via external access and tried to deactivate ist - but then, our clients can't connect anymore via Sophos Connect.
Thanks in advance,
This thread was automatically locked due to age.