Hi All,
Hopefully someone can help.
We've got a generic NAT rule to do the following:
DNAT
Any IPv4 > RemoteDesktop (3389) > External WAN Address
Translate to: Our Terminal Server Port 3389
Automatic Firewall Rule - enabled
We have been noticing brute forcers trying to get into the server and attempting to guess the passwords, we want to stop this at the UTM level.
I made a rule to block these IP addresses and moved it to what I thought was the top of the Firewall rules only to see Auto rules taking precedence.
EDIT: I've just noticed in the logs they are getting allowed through based on the NAT rule and not getting affected by the Firewall rule - so any help would be appreciated.
This thread was automatically locked due to age.
