Comments
-
I did this on our SMA, blocking all countries but US and its cut down on login attempts by about 80%. On our TZ470 I have an object address rule that only allows WAN access to our TZ from my home IP address so no other external IP addresses can attempt to log in to it
-
How would one accomplish this on an SMA210? I'm only seeing ability to block botnet ip addresses or networks, but no way to import txt files
-
The scans seemed to have stopped....the rule is still set to Destination X1, but since they are no longer occurring I left the rule as is. If they reoccur I'll try changing the Destination to Any zone. Thanks
-
I created a rule (see screen shot attached)...I tried changing destination zone to X1, which is the zone for our firewall (affected system here). I'm still getting port scan alerts. I'm assuming I need to tweak something but am not sure what
-
thank you
-
I checked our FW this AM, there were about 353 echo replies yesterday, after I blocked low priority attacks in IPS. Also, just checking, echo replies are listed as high risk level....
-
thanks I will set ICMP block for low priority attacks in IPS as advised, i had it set to just detect
-
the default WAN to LAN deny rule is in place
-
We have terminal services configured for remote desktop connections. The traffic I'm seeing are attempted connections to our RDP systems. They aren't initiated by our LAN systems, so I'm don't think that blocking LAN to WAN would be relevant to my issue