Blocked SSH Brute Force Attack - Release

Question

Hello, 
 the XG Firewall detected an SSH Brute Force Attack from Client to Server (seen in control center). Since that all traffic from the client to the server is blocked, also ICMP. The attack is caused by a script, that is now disabled. When the Client IP is changed in the same network, the communication works. Turning back the IP, the communication does not work. 
 How to find out, that the communication is blocked? I can not find any entry in Logviewer? 
 How to release the block from this client to that server. I want to allow the connection? 
 Is it possible to make an exception for some Clients for this security feature? 
 
 Thanks. Chris

Aditya Patel · Answer

Hi Chris, 
 As suggested by Luk, you may check IPS rules, it is necessary to add the IPS rules between Server and Client. Additionally, you may need to create a firewall rule to allow necessary ports. Keeping all ports is not recommended. 
 
 E.g 
 SQL -port 1433/1434 
 SSH -22 
 SMTP -25 
 etc.

lferrara · Answer

Christoph , 
 adjust your IPS policy. Take note that built-in policy cannot be edit. So clone it and remove the ssh brute force attack signature or create an above rule where you allow traffic from one ip to another without IPS applied. 
 Regards

Blocked SSH Brute Force Attack -> Release