I have a rule to block a range of IPs configured in Hosts and are combined in an IP Host Group [Block IP (HG)] and it is at the top of the list of all Firewall Rules, and I expect it to drop all the IP in the range and not get to ATP or any further.
However I still get C2/Generic-A items in my ATP log from an IP within the group even though they should be Dropped by the rule.
From the log below, the host is in my local network, dst and threat are both the same configured in the 'Block IP (HG)' so I get many logs in ATP but I should get the Dropped log under Firewall logs.
Any advice or suggestions.
In V17 this drop rule worked and no logs in ATP.
This thread was automatically locked due to age.
