Inbound Blocking

I'm trying to get the firewall to block inbound connections. I cannot get it to block anything inbound. I have attached a screenshot of the rule I have in place at the top of the policies. This did work with UTM 9.

Has anyone else seen this happening?



This thread was automatically locked due to age.
  • As with UTM 9, all traffic is dropped by default. There is no need to add a "bucket" drop rule, as no traffic of any kind is allowed until a rule is created to allow it.
  • I know that blocking is enabled by default but there is a need to block certain things.

    I have WAF configured and I know I can deny access there to certain sources but I noticed from the WAF logs that there are attacks happening against the sites I do have configured. I would still like the ability to block at the firewall level and not at the WAF level.

    I have included some logs below as an example. Call it paranoia, but why allow someone access to potentially try something? I'm not sure, since I haven't really investigated the stuff below, but it is some sort of spoofing happening.

    2015-12-16 23:33:50  -  208.52.161.177  /phpmyadmin2/scripts/setup.php  -  -  301  47  408  17071  0

    2015-12-16 23:08:59  51.254.206.142  188.68.224.62  /httptest.php  -  -
  • Hi there,

    In UTM 9 there is an easy way to do this task. Just create a DNAT rule with a destination to a fake IP. Try it with XG.

    Regards
    mod