I have currently blacklisted 50,000+ IP addresses in my Sophos XG210. I am running 16.05.XX. I started this in March and was blacklisting approx. 15K a month until August when I got busy. I am about to add 30+ more IP addresses and I want to get the opinion of other Sophos users first.
The IP addresses I am blacklisting are IP addresses that are trying to hit the login page of my WordPress site. I pull the IP address from the Sophos reports that try and request:
"/wp-login.php".
I have 50+ IP Lists in the Sophos with exactly 1,000 IP addresses in them. So far I have not seen a performance degradation. In order to blacklist these, I have a "DNAT/Full NAT/Load Balancing" rule that is set to Source Zone=WAN, Allowed Network Clients=All of the IP address list objects, forwarded to a fake IP range I made up and a Fake zone. The rule is at the top. So they are just dropped before they go anywhere else.
I just created a ticket with Sophos, asking them what the limit is on IP addresses in a single list and what the limit is on the number of objects the Sophos can handle. However, I don't see them answering quickly, nor do I see them answering with due diligence and actually giving me the answers I want.
Any thoughts?
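The workflow described in the post (pull the sources that requested "/wp-login.php", then group them into 1,000-address lists) can be scripted. The following is an added example, not code from the poster or from Sophos; the Apache-style log format, the sample lines, the `NEVER_BLOCK` network and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample in Apache combined-log style (an assumption; the post
# does not show the Sophos report export format).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Sep/2017:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
203.0.113.7 - - [12/Sep/2017:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
203.0.113.6 - - [12/Sep/2017:10:02:11 +0000] "GET /wp-login.php?action=register HTTP/1.1" 302 0
198.51.100.20 - - [12/Sep/2017:10:03:40 +0000] "GET /index.php HTTP/1.1" 200 8812
192.168.1.15 - - [12/Sep/2017:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
not-an-ip - - [12/Sep/2017:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
198.51.100.99 - - [12/Sep/2017:10:06:30 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
"""

# Hypothetical networks (own LAN, admin ranges) that must never be blocked.
NEVER_BLOCK = [ipaddress.ip_network("192.168.0.0/16")]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)')

def login_sources(log_text, path="/wp-login.php"):
    """Return the set of source IPs that requested `path`."""
    sources = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Compare the request path without its query string.
        if m.group(2).split("?", 1)[0] != path:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed source field, skip it
        if any(ip in net for net in NEVER_BLOCK):
            continue
        sources.add(ip)
    return sources

def new_block_lists(sources, already_listed=(), max_per_list=1000):
    """Drop addresses already on the firewall, then split into fixed-size lists."""
    known = {ipaddress.ip_address(a) for a in already_listed}
    fresh = sorted(sources - known, key=lambda ip: (ip.version, int(ip)))
    return [[str(ip) for ip in fresh[i:i + max_per_list]]
            for i in range(0, len(fresh), max_per_list)]
```

Passing the addresses already on the firewall as `already_listed` keeps a new batch from re-adding entries that exist in earlier lists.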