How to block "hacker" ip if exist NAT rule

Pavel Posts: 112  Ally Member

Hello.

1 Device - USG FLEX 200

2 We have a NAT rule - external port 1234 to local IP x.x.x.x, local port 4321, service "RDP"

3 A "hacker" is brute-forcing this port from y.y.y.y.

Q:

USG blocks y.y.y.y after 3 attempts, and unblocks it later, blocks it again and unblocks it later :)

How to create a permanent rule for blocking y.y.y.y or y.y.y.y/24?

All Replies

  • PeterUK Posts: 2,902  Guru Member

    Make a Policy Control with a new address object y.y.y.y for the source and action deny.

  • Pavel Posts: 112  Ally Member
    edited June 10

    Certainly, the policy was created after creating the NAT rule. Priority -1 in policies.

    The IP object was created; it is very uncomfortable to create rules and an object :) for each network.

    Policy rule created and active, Source - Address Group

    and

    P.S.

    I turned off the policy log option after creating the image.

  • MJStar Posts: 36  Freshman Member

    You can create an IP group that includes the blocked IP addresses (I mean y.y.y.y or y.y.y.y/24), and then create a security policy to block those IPs from accessing your public IP.
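The approach in the replies above (count the failed attempts on the forwarded port, put the offending source in an address object or group, and let a deny policy match that group, optionally widened to a /24) can be modelled outside the firewall. The script below is an added example written for this thread; it is not from the original posts and not Zyxel code. It assumes a constructed log format with `src=`, `dport=` and `result=` fields, uses the thread's external port 1234 and its threshold of 3 attempts, and uses RFC 5737 documentation addresses as constructed sample data.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (assumed format, not Zyxel's): source IP,
# public IP, external port before NAT (1234 as in the thread) and the result.
SAMPLE_LOG = """\
2024-06-10 10:00:01 src=203.0.113.7 dst=192.0.2.10 dport=1234 proto=TCP result=auth-fail
2024-06-10 10:00:03 src=203.0.113.7 dst=192.0.2.10 dport=1234 proto=TCP result=auth-fail
2024-06-10 10:00:05 src=203.0.113.7 dst=192.0.2.10 dport=1234 proto=TCP result=auth-fail
2024-06-10 10:00:09 src=203.0.113.7 dst=192.0.2.10 dport=1234 proto=TCP result=auth-fail
2024-06-10 10:01:00 src=198.51.100.20 dst=192.0.2.10 dport=1234 proto=TCP result=auth-ok
2024-06-10 10:02:00 src=203.0.113.99 dst=192.0.2.10 dport=1234 proto=TCP result=auth-fail
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) .*?dport=(?P<dport>\d+) .*?result=(?P<result>\S+)"
)


def count_failures(log_text, dport):
    """Count failed attempts per source IP against one forwarded external port."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and int(m["dport"]) == dport and m["result"] == "auth-fail":
            counts[m["src"]] += 1
    return counts


def candidates_for_block_group(counts, threshold=3, aggregate_to_24=False):
    """Return the address-group entries (host or /24 strings) for sources
    that reached the threshold. aggregate_to_24 mirrors the thread's
    option of blocking the whole y.y.y.y/24 instead of one host."""
    entries = set()
    for src, n in counts.items():
        if n >= threshold:
            ip = ipaddress.ip_address(src)
            if aggregate_to_24:
                entries.add(str(ipaddress.ip_network(f"{ip}/24", strict=False)))
            else:
                entries.add(str(ip))
    return sorted(entries)


class DenyPolicy:
    """Models a 'source in address group -> deny' security policy.
    A permanent entry stays in the group, unlike the firewall's temporary
    auto-block that the question describes as expiring and re-triggering."""

    def __init__(self, group_entries):
        self.networks = [ipaddress.ip_network(e, strict=False) for e in group_entries]

    def matches(self, src):
        ip = ipaddress.ip_address(src)
        return any(ip in net for net in self.networks)


if __name__ == "__main__":
    failures = count_failures(SAMPLE_LOG, 1234)
    group = candidates_for_block_group(failures, threshold=3, aggregate_to_24=True)
    policy = DenyPolicy(group)
    print("address group:", group)
    for src in ("203.0.113.7", "203.0.113.99", "198.51.100.20"):
        print(src, "deny" if policy.matches(src) else "allow")
```

The /24 aggregation is the trade-off MJStar's reply implies: one group entry covers neighbouring hosts (203.0.113.99 is denied after only one failure because it sits inside the aggregated range), at the cost of blocking any legitimate user in the same range, so keep the host entry unless the whole range is actually hostile.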
