Help, getting attacked

#1 - NEVER use nat for a service such as rdp.  Setup a vpn with 2fa for accessing such a dangerous internal service such as this.  I personally feel anyone who has rdp available publicly should be whipped with a wet noodle. Just no.. no no no no no. Good on you for turning it off, now never ever turn that on again.

#2 - your firewall is doing its job, though you can create an IP group where you collect all these Ip addresses, put it top of your firewall rules as a drop rule, or a nat to blackhole (non-existant ip address).  See #2 community.sophos.com/.../rulz

#3 - Also consider looking up the various IP addresses in geoip to see if consistently from another country you can consider blocking, though the 13.64 seem to be USA

#1 - NEVER use nat for a service such as rdp.  Setup a vpn with 2fa for accessing such a dangerous internal service such as this.  I personally feel anyone who has rdp available publicly should be whipped with a wet noodle. Just no.. no no no no no. Good on you for turning it off, now never ever turn that on again.

#2 - your firewall is doing its job, though you can create an IP group where you collect all these Ip addresses, put it top of your firewall rules as a drop rule, or a nat to blackhole (non-existant ip address).  See #2 community.sophos.com/.../rulz

#3 - Also consider looking up the various IP addresses in geoip to see if consistently from another country you can consider blocking, though the 13.64 seem to be USA