This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intrusion prevention warning

Hi all,

 in my UTM9 SG310 

latest firmware installed 9.510-5 

I got several mail from IPS told me some attack from the same IP public  address. Checked the geo position i assume is an unwanted user.

So  i wish block this IP.

Applying a rule on firewall were: the source ( ip address unwanted) any services going to my network is dropped nothing happens. The pubblic IP unwanted continuing to knock on my door.

 

Where i'm wrong

 

Thanks Gian  Luca

 

 



This thread was automatically locked due to age.
Parents Reply
  • Hi,

     

    You might want to test a black hole Nat for the IP.

    Create a rule (maybe IP Range in case you get more in the future).

     

    New Target:

    Source: the IPs that are getting through

    Service: HTTP

    Destination: should be to an IPv4 address in 240.0.0.0/4 or to one in 100::/64 for IPv6.

    Position that rule above your others so that i gets processed first, in theory the IP should be nated into the black hole then.

    Regards

    Jason

    Sophos Certified Architect - UTM

Children