Cannot block multiple IPs (IP groups)

Question

Hi! 
 It seems that I cannot block (drop or reject) traffic from specific IP addresses. I've set up the following policy on the very top of the list: 
 Source: WAN Networks: (two IP-Lists: one with some countries and one with a some specific IPs which were trying to hijack my POP3 server) Services: Any 
 Destination: LAN (also tried Any) Networks: Any 
 Action: Reject (also tried Drop) 
 Log traffic: enabled 
 After enabling that rule, I still see logins on my POP3 server, originating from hosts which are definitely on the above list. 
 If I open the log on my XG and navigate to "Security policy" I only see "Accepted" entries and not a single "Rejected" one... 
 Am I missing something here?

lferrara · Accepted Answer

Oxident, 
 inside your XG you have a BAR that allows POP3 for normal users. Inside this rule, can you add the bad IP inside Exceptions area like the screenshot?

oxident · Answer

Hi Luk, 
 ahh, yes of course I have such a BAR ... but I thought, when placing a "deny" rule on top of this, the request will be filtered out before it "reaches" the POP3 BAR. 
 Anyway, I've set up what you suggested and for the moment, it seems to work, although I can't find any evidence in XG's log files ;-)