This discussion has been locked.

Black Hole NAT not working

Every day we have random people trying to authenticate into our hardware spam filter in order to spoof emails and whatnot. What I set up on the UTM9 was a black hole NAT. So under Network Protection > NAT > NAT I have a DNAT set up. In the "For traffic from:" I have a group called Spammers/Hackers which has a list of IPs of the offenders. "Using service" is set to Any and "Going to" is set to "External Address Group" which is a list of all our networks both using WAN and LAN IPs. It is then set to "Change the destination to" an IP of 240.0.0.0. Our IP scheme is using a class B for reference. Also checked is the automatic firewall rule option.

However, it doesn't appear to be working... I say this because I went to add an IP to the offender list and it said it already existed as I had added it last week, but the offender was still able to attempt to authenticate to our security gateway. Did I set this up wrong? Any help would be appreciated.



  • My Network Group is made up of all the "External [Additional] (Address)" objects.  I've also used "External (Network)" successfully at a client site.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA