This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Inbound Ip Blocking

Hi All

I'm having some issues blocking inbound IP addresses, I set something up years ago and at that time I seem to remember testing it and it worked but now its not working.

We have a DNAT rule (at the very bottom)

For Traffic From - Group Of External IP's here

Using Service - ANY

Going To - Name Of Our Internet Interface

Change the destination to - Some random fake IP address

And the service to - nothing

Automatic firewall rule - ticked

As an example, I have blocked my currently assigned mobile phone IP, and I can still access published websites on the UTM which should not be the case, what flagged this up was that I was getting quite a few port scan e-mails, and I was adding them to the block list and a few days later got a port scan from a IP that was already supposed to be blocked.

This thread was automatically locked due to age.

Parents

0 rsenio over 7 years ago

Your DNAT rule for the IP blocking needs to be at the top. As for the port scan and email alerts, you're not blocking that via DNAT. That is handled via the intrusion prevention system. You can see the order of how traffic is handled in the link below. Rule #2

https://community.sophos.com/products/unified-threat-management/f/general-discussion/22065/rulz
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rsenio over 7 years ago

Your DNAT rule for the IP blocking needs to be at the top. As for the port scan and email alerts, you're not blocking that via DNAT. That is handled via the intrusion prevention system. You can see the order of how traffic is handled in the link below. Rule #2

https://community.sophos.com/products/unified-threat-management/f/general-discussion/22065/rulz
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data