
Additional DNAT Blackhole to permanently Block IPs

Hello,

I have a lot of IPs trying to access my External IP on my UTM. I already have a blackhole DNAT Rule added, but I would like to adapt this Rule to be able to permanently block specific IPs / IP Ranges.

What would be the best way to do this? 

Thx

br

Sally



This thread was automatically locked due to age.

Top Replies

  • in reply to Sally +1 verified

    Correct, you can add an exception in the Country Blocking Exceptions for specific traffic. You can either use the "All" selection and create an HTTP exception using the exception list, or change it to "From" and add your Web Protection exception in Web Filtering.

    Anti-Portscan settings in IPS are the only way I know of to select either/or drop/reject packets.  Country Blocking will deny all traffic, and takes place before other security policy settings like port forwards or mail routing.  You will still probably see the traffic generated on your front page of the UTM, but if you monitor the Network Protection live log, you will see the Country Blocking rule being very effective.
