Firewall rules to block unwanted IP addresses

Options
Ludek
Ludek Posts: 8 image  Freshman Member
First Comment Fourth Anniversary
edited April 2021 in Nebula
We have our own mail server being NSG50. Many IP addresses are trying to log into mail server. Is it possible to block these addresses with firewall rules? Or another rules to block unwanted IP addresses?

Comments

  • Zyxel_Barney
    Zyxel_Barney Posts: 85 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Security
    Hello @Ludek

    Is your Mail server perhaps on the LAN-side of your NSG50? Does this also mean that you are using 1:1 NAT or Virtual Server to allow clients from the Internet to access your Mail server?

    If so, we have two solutions:

    1. Black-listing IP Address:
    Use the Outbound Rules to Deny the public IP address of Untrusted mail clients.

    *Use commas to create multiple remote IP addresses.

    2. White-listing IP Address:
    Use the "Allowed remote IP" list to create a white-list of Mail clients (public IP addresses) that can access your Mail server. 

    *Use commas to create multiple remote IP addresses.

    Clients from the Internet not in the allowed remote IP list are blocked by the NSG's default firewall rules.

    Hope this helps!

    Regards,
    Barney

Categories

Nebula Tips & Tricks


    Read more

    Nebula Help Center

    EnglishTiếng ViệtРусскийไทย中文(台灣)