This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9 and Countries Blocking

Hi,

Since a few days, we get a lot of network attack (packet send) from Russian's IP on our RDP port.

I have blocked Russian Federation (FROM) in Firewall -> Countries Blocking, but I still get the packet in Kaspersky event log.

Does it take some time to get active in the UTM or so ? 

Thank for help.

EDIT Aerial tramway:

I see in the firewall log that some attempts are "Country Blocked" but some just pass. I guest it came from the method the UTM is using to determine the origin country. If I enter the IP in a localisation website, it told me that it come from Russia but it seem like the UTM doesn't react the same way.



This thread was automatically locked due to age.
  • Ok it seem solved. I was missing the 2 last updates from UTM. Probably that was the cause of the wrong identification of original country.

    Now, I cannot see live firewall log anymore after the update (error message popup) but I will restart it. Anyway I don't have any incoming russian packet anymore.