Dear,
We have been under attack for two days from two IPs. I am trying to block the attackers' two IPs, but it doesn't seem to work.
I immediately created the rule below with the two culprits, to drop and log all the traffic. The rule is the very first rule in the rulebase.
As you can see above, this rule captures no traffic (same in the firewall log: no traffic from these hosts).
However, when I verify the IPS-log, the system reports it blocks traffic.
Spoof Protection is enabled but doesn't show anything.
In the troubleshooting post, it says that IPS is checked last:
Fragment Reassembly Module > Strict Policy Checking > Connection Bypass Module > DOS policy > Spoof checking > Connection tracking module for Stateful Inspection > Sequence checking > policy marking and firewall rule matching > Web Access Policy/AV/AS > IPS.
What am I doing wrong, please? I am trying to drop all traffic before it is blocked by the IPS.
Thanks!