Blocked SSH Brute Force Attack -> Release

Hi Chris, 

As suggested by Luk, you may check IPS rules, it is necessary to add the IPS rules between Server and Client. Additionally, you may need to create a firewall rule to allow necessary ports. Keeping all ports is not recommended. 

E.g

SQL -port 1433/1434 

SSH -22 

SMTP -25 

etc.

Hello Aditya,

for testing I have made firewall rules with any allow based on the interface groups (no specific IPs). Later I change the config and let block by default and allow only necesscary ports. In this issue the communication from client to server was blocked (SMB, ICMP, ... everything). When the client got an other IP from the same subnet everything worked fine (blocked with IP 192.168.101.101 /26, worked with IP 192.168.101.102 /26).

Because the issue is now not present, I will post if I notice it again.

Hello,

ok. IPS blocks the SSH connection. I could reproduce it. IPS policy was missing in the firewallconfig while I wrote my last post. Ping and SMB is currently not blocked.

Christoph,

adjust your IPS policy. Take note that built-in policy cannot be edit. So clone it and remove the ssh brute force attack signature or create an above rule where you allow traffic from one ip to another without IPS applied.

Regards

Thanks. I will do it.

Thanks. I will do it.