Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register
Options

Blocking random VPN connection Attempts

CHEOPSkenCHEOPSken Newbie ✭
in Firewall Security Services

Hello everyone

We have a customer that gets random VPN connection attempts at regular intervals. Everytime this happens, their internet connection gets a timeout for a short duration, giving them lag on the terminal server.

I did create an acces rule blocking one particular ip address. The attempts continue however from different public IPs. Is there a way to stop this or to implement a general blocking rule? The customer also has a legit VPN connection to another site that should not be impacted.

grafik.png

I hope my information is good enough, thank you for helping.

Cheers, Ken

Category: Firewall Security Services
Reply

Answers

  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭

    @CHEOPSken do you have only Site to Site Tunnels or Tunnel Interfaces for Peers with static IP addresses? In that case you could limit the IKE Access Rules in WAN-to-WAN to a group of allowed Peers.

    Otherwise I'am not aware of a solution right away.

    —Michael@BWC

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭
    edited April 26

    Losing internet access [however briefly] because some random IP tried to bring up a tunnel is not the expected behaviour. There must be something else going on here, or a bug in that version.

    We generally don't bother tying down IPsec to known site-site IPs [although that's almost certainly best practise] so I see this kind of message logged regularly and I'm certain it doesn't usually cause internet drops.

Sign In or Register to comment.