I have a client who has migrated from a Watchguard firewall to a Sophos XG310. One of the features they have requested is as follows:
We own a CIDR of IP addresses, for example: 1.1.1.0/28 ranging from 1.1.1.1-1.1.1.14
We would like to set up a "honeypot" of sorts. The IP address 1.1.1.2 in this example is completely unused. There are no services running on that IP and there is no chance that a valid client will access it. What we would like to do is automatically add any IP address which hits 1.1.1.2 in any way to a global blocklist as this behavior is only indicative of somebody snooping around what they don't need to access.
Is this possible?
This thread was automatically locked due to age.
