DNAT and IP-Filter do not block traffic

Question

Hi there, 
 today I really had to block traffic coming from a specific IP going to my UTM 9.705-3 trying massive IPSEC logins. 
 Adding a firewall rule at #1 position did not work so I added a DNAT-rule to NAT all traffic coming from this IP going to my UTM to 240.x.x.x. and placed it on top of all NAT-rules. 
 
 But my IPSEC-log shows me that I am still flooded by this IP. 
 
 How can I protect my network when everything is passing my rules? 
 
 Thank you - 
 
 Chris 
 PS: 
 
 And: why does an "iptables - L | grep IP-address" does not show my filter rule?

FormerMember · Accepted Answer

You may also try to set up 1 blackhole DNAT rule to drop all the IPsec connections and then create a new DNAT on top of it to allow IPsec connections from required source IPs(Branch/Client location). 
 Attaching few snapshots for reference. ==> Create 2 service definitions for TCP/UDP port 500 and port 4500 
 ==> Use default IPsec service group and add above service definitions to it. ==> Create availability group under network definitions with allowed source IPs for IPsec connections. Add all remote location source IP to it. ==> Create 2 DNAT rules as shown below. ==> By configuring this you'll not have to add a single IPsec flooded IP in blackhole DNAT to drop its connection. Let me know if you've any queries.

DNAT and IP-Filter do not block traffic

Top Replies