Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 4 subscribers
  • Views 2775 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

prevent access

AreshAreshi

Hi,

We want to block the access to our internal websites from some IP address, I did follow the suggestion of our good frind BAlfson and did this:

 

Create a new DNAT Rule and there create a group that has all IP's that must be blocked then use ANY for the services and use ANY for the going to (because the WAN port has multipal IP's) and for the destnation did create a network Host with IP that is not exsit.

right now the position of the rule is down the list at number 121, should we move the rule to the Top of the DNAT rules? or just leave it there at 121 position?

 

DNAT : {group of bad IPs} -> Any -> {group of WAN (Address) objects} : to {non-existent IP}



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to DuncanNewell

    Hi Duncan,

     

    Thank you for your reply,

     

    Yes you are right we can say from whitch IP address we dont want to have connection to our websites, but unfortunatly with DNAT you can not say ie the google bots can access some of our websites and not some other websites.

    Thanks

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML