Firewall violations

Hello friends,

I think I have an invisible threat on my network and I am wondering if someone could help me.

I have high bandwidth usage and very high memory usage on one of my servers that I can see on my UTM.
The thing is, when I look at Logging and Reporting --> Network Protection --> Firewall, I can see some IPs from Austria that are using some TCP services with custom ports. Is there any way to disconnect them?
Also, I have a high number of violations in Firewall daily.
I used Country Blocking on traffic for Austria. Also, except for well-known services, there is no other port open on my UTM Firewall.



Any advice or idea would be highly appreciated.
Thank you.



This thread was automatically locked due to age.
  • For others who get similar stuff like this and you want to quickly, with the least amount of resources, block them until you resolve the cause then you can do the following:

    Go to Interfaces & Routing > Static Routing

    Create a Blackhole route and set the source as a network group containing the host definitions of the IPs you want to send *cue Talking Heads* on the roooadd to nowhere!

    But yes, what was your fix, leaving us on a cliffhanger!

    Emile

  • Thank you for your advice Emile.

    I did the following, which looks OK:

    I traced the IP address and asked my Internet provider to block the IP addresses.

    Also, I blocked the country in the UTM Firewall country blocking section. Fortunately, the company does not need any traffic flow through that country.

    But I will definitely do the solution you've mentioned. Thank you.

    Sogol
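
One way to build the host list for the blackhole route's network group from exported firewall log lines, as an added example that is not part of the original thread. The `key="value"` log layout, the field names, the `blackhole_candidates` function and the sample addresses are assumptions; adapt them to the log export you actually have.

```python
import ipaddress
import re
from collections import defaultdict

PAIR = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample log lines. The key="value" layout and field names
# (action, srcip, dstip, dstport) are assumptions, not a vendor format.
SAMPLE_LOG = """\
10:00:01 action="drop" srcip="203.0.113.10" dstip="192.0.2.5" proto="6" dstport="4444"
10:00:02 action="drop" srcip="203.0.113.10" dstip="192.0.2.5" proto="6" dstport="4445"
10:00:03 action="accept" srcip="203.0.113.10" dstip="192.0.2.5" proto="6" dstport="8081"
10:00:04 action="drop" srcip="198.51.100.7" dstip="192.0.2.5" proto="6" dstport="23"
10:00:05 action="drop" srcip="192.0.2.5" dstip="198.51.100.7" proto="6" dstport="25"
10:00:06 action="drop" srcip="not-an-ip" dstip="192.0.2.5" proto="6" dstport="80"
10:00:07 truncated line without fields
"""

def blackhole_candidates(log_text, min_events=2, own_networks=("192.0.2.0/24",)):
    """Return {source_ip: {"drop": n, "accept": n, "ports": [...]}} for
    external sources that appear at least min_events times."""
    own = [ipaddress.ip_network(n) for n in own_networks]
    stats = defaultdict(lambda: {"drop": 0, "accept": 0, "ports": set()})
    for line in log_text.splitlines():
        fields = dict(PAIR.findall(line))
        action = fields.get("action")
        if action not in ("drop", "accept"):
            continue  # malformed or unrelated line
        try:
            src = ipaddress.ip_address(fields.get("srcip", ""))
        except ValueError:
            continue  # never copy unparsed text into a host definition
        if any(src in net for net in own):
            continue  # do not blackhole your own hosts
        entry = stats[str(src)]
        entry[action] += 1
        if fields.get("dstport", "").isdigit():
            entry["ports"].add(int(fields["dstport"]))
    return {ip: {**e, "ports": sorted(e["ports"])}
            for ip, e in stats.items()
            if e["drop"] + e["accept"] >= min_events}

if __name__ == "__main__":
    for ip, e in blackhole_candidates(SAMPLE_LOG).items():
        print(ip, e)
```

Sources with a non-zero `accept` count are the ones actually reaching a service, so they are the first to review before adding hosts to the group.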
