How to block "hacker" ip if exist NAT rule

Pavel
Pavel Posts: 112  Ally Member
First Comment Friend Collector Fourth Anniversary

Hello.

1 Device - USG FLEX 200

2 We have NAT rule - 1234 external port to local x.x.x.x ip, 4321 local port service "RDP"

3 "Hacker" is brute this port from y.y.y.y.

Q:

USG is block y.y.y.y after 3 attempts, and unblock later, block again and unblock later :)

How create permanent rule for blocking y.y.y.y or y.y.y.y.y/24

All Replies

  • PeterUK
    PeterUK Posts: 3,460  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Make a Policy Control with new object address y.y.y.y for the source and action deny

  • Pavel
    Pavel Posts: 112  Ally Member
    First Comment Friend Collector Fourth Anniversary
    edited June 10

    Certainly, Policy was created after create nat rule. Priority -1 in policies.

    Ip object was created, very uncomfortable create rules and object :) for each network.

    Policy rule created and active, Source - Address Group

    and

    P.S.

    I off policy log option after create image.

  • MJStar
    MJStar Posts: 37  Freshman Member
    First Answer First Comment Friend Collector Third Anniversary

    You can create an IP group that includes the blocked IP addresses(I mean y.y.y.y or y.y.y.y.y/24), and then create a security policy to block those IPs from accessing your public IP.

Security Highlight