This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intrusion prevention warning

Hi all,

 in my UTM9 SG310 

latest firmware installed 9.510-5 

I got several mail from IPS told me some attack from the same IP public  address. Checked the geo position i assume is an unwanted user.

So  i wish block this IP.

Applying a rule on firewall were: the source ( ip address unwanted) any services going to my network is dropped nothing happens. The pubblic IP unwanted continuing to knock on my door.

 

Where i'm wrong

 

Thanks Gian  Luca

 

 



This thread was automatically locked due to age.
Parents
  • Hi Gian,

     

    The Firwall Framework works like this.

    *incoming Packets*

    1. RAW packet processing

    2. Contract

    3. DNAT

    *Routing*

    *Forward*

    4. Packet Filter

    5. IPS

     

    Since the Packet Filter is applied before the IPS kicks in there needs to be something wrong with your Rule if the rule doesnt Block / drop it.

    Please show us the Screenshot where we can see the IP and the Port the IP uses. Then post a screenshot of your Top firewall rules.

    Also post a screenshot of your NAT rules.

     

    Regards

    Jason

    Regards

    Jason

    Sophos Certified Architect - UTM

Reply
  • Hi Gian,

     

    The Firwall Framework works like this.

    *incoming Packets*

    1. RAW packet processing

    2. Contract

    3. DNAT

    *Routing*

    *Forward*

    4. Packet Filter

    5. IPS

     

    Since the Packet Filter is applied before the IPS kicks in there needs to be something wrong with your Rule if the rule doesnt Block / drop it.

    Please show us the Screenshot where we can see the IP and the Port the IP uses. Then post a screenshot of your Top firewall rules.

    Also post a screenshot of your NAT rules.

     

    Regards

    Jason

    Regards

    Jason

    Sophos Certified Architect - UTM

Children