Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 28930 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't seem to block specific IP addresses

BenUecker

Using the country block as a template I created a new Security policy to block certain ip addresses.  These particular addresses have been attacking my network.

The problem is I don't think it is actually working.  I put the IP address of my phone into my list of addresses I want blocked and I am able to still access my web server.

The network rule is listed at the top and this is what I have:

Identity is off

Source

zone: WAN

Networks: the list of IP addresses I want blocked

Services: ANY

Schedule: ALL THE TIME

Destination

Zone: LAN

Networks; ANY

Action: Drop (I had REJECT but it doesn't seem to matter)

Log Traffic: ON



This thread was automatically locked due to age.
Parents
  • 0
    Change the destination zone to WAN.

    After all - you are trying to block the traffic before NAT brings it in to your network, so changing it to WAN and making it the first rule will effectively block it before any inbound NAT entries would bring it into your LAN.

    Good luck!

    --

    Chavous Camp

    UTM, SMC, SGN Certified Engineer / XG Certified Architect

  • 0 in reply to ChavousCamp
    Thanks for your help.

    I changed destination to WAN and have saved it but I can still access my web server. Any other setting that I need to change? I already did have the policy at the top.
Reply Children
No Data
Unfiltered HTML