
Block IP address

Hi guys,

In my XG I see a lot of incoming TCP attempts from several IP addresses. Currently they are all blocked by rule 0. Is there a way I can create a rule that is the first in line in which I can define all the IPs I want blocked? Some sort of blacklist.

Thanks in advance.



This thread was automatically locked due to age.

    Jeffrey Jaspers said:
    Hi guys,

    In my XG I see a lot of incoming TCP attempts from several IP addresses. Currently they are all blocked by rule 0. Is there a way I can create a rule that is the first in line in which I can define all the IPs I want blocked? Some sort of blacklist.

    Thanks in advance.

    You can create an “IP Host” under “Host and Services” with a list of IP addresses you’re trying to block. From there, create a firewall rule to “Drop” anything coming from the “WAN” source zone and add the IP Host you created to the “Source Networks and Devices”. The destination zone would be whatever zones you’re using (I’m assuming LAN) and the destination networks set to “Any”. This will drop traffic coming from the WAN zone and the IPs you listed to anything trying to reach your LAN zone.

    That being said, Sophos XG is a stateful firewall that, by default, blocks all incoming traffic (rule 0) unless 1) it’s a connection that was initiated from within your network (i.e. the stateful aspect of the firewall) or 2) a specific firewall rule is allowing that incoming traffic. I personally don’t see the point in creating another rule for a rule that already exists unless you need it for logging purposes, which the default hidden rule 0 already does. I guess the other purpose would be to explicitly drop the traffic even if the connection was initiated from within your network (i.e. a device on your network is compromised).
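One way to prepare the address list for the IP Host object described in the reply above, added here as an example that is not part of the original thread and is not Sophos code. The key=value log layout, its field names, the `build_blocklist` helper and the sample lines are assumptions; adapt the field parsing to whatever your own log export looks like.

```python
import ipaddress
from collections import Counter

# Constructed sample in a made-up key=value layout (an assumption, not the XG log format).
SAMPLE_LOG = """\
action=drop rule=0 proto=TCP src=203.0.113.8 dport=22
action=drop rule=0 proto=TCP src=203.0.113.8 dport=23
action=drop rule=0 proto=TCP src=203.0.113.9 dport=22
action=drop rule=0 proto=TCP src=203.0.113.9 dport=3389
action=drop rule=0 proto=TCP src=192.0.2.44 dport=445
action=drop rule=0 proto=TCP src=192.168.1.20 dport=80
action=drop rule=0 proto=TCP src=192.168.1.20 dport=80
action=drop rule=0 proto=UDP src=203.0.113.50 dport=53
action=drop rule=0 proto=TCP src=not-an-ip dport=22
action=allow rule=5 proto=TCP src=198.51.100.77 dport=443
"""

# Ranges that must never land on a WAN blacklist: RFC 1918, loopback, link-local.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")]

def build_blocklist(log_text, min_hits=2, never_block=()):
    """Return collapsed IPv4 networks for sources with >= min_hits dropped TCP attempts."""
    protected = PROTECTED + [ipaddress.ip_network(n) for n in never_block]
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if fields.get("action") != "drop" or fields.get("proto") != "TCP":
            continue
        try:
            addr = ipaddress.IPv4Address(fields.get("src", ""))
        except ValueError:
            continue  # malformed or non-IPv4 source field
        if any(addr in net for net in protected):
            continue  # internal or explicitly exempted address
        hits[addr] += 1
    repeat = [ipaddress.ip_network(f"{a}/32") for a, n in hits.items() if n >= min_hits]
    # collapse_addresses merges only exactly adjacent entries, so nothing extra is blocked
    return [str(n) for n in ipaddress.collapse_addresses(repeat)]

if __name__ == "__main__":
    for net in build_blocklist(SAMPLE_LOG):
        print(net)
```

Pass your own management or VPN peer addresses in `never_block` so a noisy but legitimate source cannot end up in the drop rule.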
