There is an IP address attempting to connect to create an IPsec VPN to my SonicWall. How to block

About 6 months ago, an IP address (not one of mine) started to try to create an IPSEC VPN to my SonicWall. There is no policy for this connection, so the attempt fails and is logged. The problem is that they try to connect a few times a minute, 24/7. This is filling up my logs, cluttering them with static.

Is there a way to totally ignore a particular IP address so it never reaches the VPN engine?

I've tried blacklisting the IP address by creating an object and deny access rule, but it didn't work.

NSA2600 - 6.5

Category: Mid Range Firewalls

Answers

  • shiprasahu93 Moderator

    Hello @Rich65,

    Welcome to the SonicWall community.

    Have you created the access rule to block this IP from WAN to WAN?

    You can say discard on the rule so that the firewall does not even respond to the initial packet sent from this source.

    Thank you!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Rich65 Newbie ✭

    Hello @SHIPRASAHU93 

    Thank you for the quick response.

    I originally had WAN to ALL and DENY. Changing to WAN to WAN and DISCARD made no difference.

    Rich

  • TKWITS Cybersecurity Overlord ✭✭✭

    Do you have a requirement to have IPSec VPN enabled? If not, disable it.

    If it's required you can create address objects for known tunnel peers, then edit the auto-created WAN to WAN, Any to WAN Interface IP, IKE rule to only allow traffic from the known peers.
