SMA Log getting flooded with 'remediation failed' and 'all packets will be denied' events
AronS
Newbie ✭
The past day our SMA210 is getting flooded every few hours with events below. I know we can keep our log from recording them, but aside from that, is there anything I can do to keep these a-holes from trying to access our network? I have GEOIP filter blocking all countries except USA already and have the latest firmware.
Feb 5 11:27:22 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:22" vp_time="2025-02-05 16:27:22 UTC" fw=XXX pri=5 m=0 c=1002 src=189.51.13.72 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 189.51.13.72" agent="(null)"
Feb 5 11:27:22 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:22" vp_time="2025-02-05 16:27:22 UTC" fw=XXX pri=5 m=0 c=1002 src=189.51.13.72 dst="sslvpn" user="System" usr="System" msg="All packets from 189.51.13.72 will be denied" agent="(null)"
Feb 5 11:27:22 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:22" vp_time="2025-02-05 16:27:22 UTC" fw=XXX pri=5 m=0 c=1002 src=189.51.13.159 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 189.51.13.159" agent="(null)"
Feb 5 11:27:22 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:22" vp_time="2025-02-05 16:27:22 UTC" fw=XXX pri=5 m=0 c=1002 src=189.51.13.159 dst="sslvpn" user="System" usr="System" msg="All packets from 189.51.13.159 will be denied" agent="(null)"
Feb 5 11:27:22 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:22" vp_time="2025-02-05 16:27:22 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.226 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 179.107.50.226" agent="(null)"
Feb 5 11:27:22 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:22" vp_time="2025-02-05 16:27:22 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.226 dst="sslvpn" user="System" usr="System" msg="All packets from 179.107.50.226 will be denied" agent="(null)"
Feb 5 11:27:22 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:22" vp_time="2025-02-05 16:27:22 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.164 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 179.107.50.164" agent="(null)"
Feb 5 11:27:22 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:22" vp_time="2025-02-05 16:27:22 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.164 dst="sslvpn" user="System" usr="System" msg="All packets from 179.107.50.164 will be denied" agent="(null)"
Feb 5 11:27:22 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:22" vp_time="2025-02-05 16:27:22 UTC" fw=XXX pri=5 m=0 c=1002 src=189.51.13.170 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 189.51.13.170" agent="(null)"
Feb 5 11:27:22 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:22" vp_time="2025-02-05 16:27:22 UTC" fw=XXX pri=5 m=0 c=1002 src=189.51.13.170 dst="sslvpn" user="System" usr="System" msg="All packets from 189.51.13.170 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=138.204.48.254 dst="sslvpn" user="System" usr="System" msg="All packets from 138.204.48.254 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=138.204.49.129 dst="sslvpn" user="System" usr="System" msg="All packets from 138.204.49.129 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=138.204.48.192 dst="sslvpn" user="System" usr="System" msg="All packets from 138.204.48.192 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.220 dst="sslvpn" user="System" usr="System" msg="All packets from 179.107.50.220 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=138.255.222.146 dst="sslvpn" user="System" usr="System" msg="All packets from 138.255.222.146 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.158 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 179.107.50.158" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.158 dst="sslvpn" user="System" usr="System" msg="All packets from 179.107.50.158 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.134 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 179.107.50.134" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.134 dst="sslvpn" user="System" usr="System" msg="All packets from 179.107.50.134 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=200.162.138.241 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 200.162.138.241" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=200.162.138.241 dst="sslvpn" user="System" usr="System" msg="All packets from 200.162.138.241 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXXtime="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=177.36.159.133 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 177.36.159.133" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=177.36.159.133 dst="sslvpn" user="System" usr="System" msg="All packets from 177.36.159.133 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=200.162.138.14 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 200.162.138.14" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=200.162.138.14 dst="sslvpn" user="System" usr="System" msg="All packets from 200.162.138.14 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=177.36.140.191 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 177.36.140.191" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=177.36.140.191 dst="sslvpn" user="System" usr="System" msg="All packets from 177.36.140.191 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.163 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 179.107.50.163" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=179.107.50.163 dst="sslvpn" user="System" usr="System" msg="All packets from 179.107.50.163 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=177.36.159.51 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 177.36.159.51" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=177.36.159.51 dst="sslvpn" user="System" usr="System" msg="All packets from 177.36.159.51 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=177.36.140.34 dst="sslvpn" user="System" usr="System" msg="Remediation failed for 177.36.140.34" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=177.36.140.34 dst="sslvpn" user="System" usr="System" msg="All packets from 177.36.140.34 will be denied" agent="(null)"
Feb 5 11:27:23 sslvpn SSLVPN: id=sslvpn sn=XXX time="2025-02-05 11:27:23" vp_time="2025-02-05 16:27:23 UTC" fw=XXX pri=5 m=0 c=1002 src=138.255.222.227 dst="sslvpn" user="System" usr="System" msg="All packets from 138.255.222.227 will be denied" agent="(null)"
Answers
If you don't want to disable GeoIP & Botnet logging then you're probably out of luck. The logging of this event is stupid, because it's done even with Remediation disabled in the settings.
Setting the loglevel to Warning might help, but I can't tell what you'll missing.
—Michael@BWC