How to properly block an IP

xkp68
xkp68 Posts: 26  Freshman Member
Second Anniversary First Comment
edited April 2021 in Security
Hi,
from the log of the firewall i can see attack detected from a specific IP




So i decided to add the ip in the blacklist in the reputation filter



But still i see the even in the log.


Am i doing something wrong?
Thanks in advance.
Filippo

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,163  Zyxel Employee
    Third Anniversary 100 Answers 500 Comments Friend Collector
    Answer ✓

    Hi @xkp68

    Your ATP device’s ADP feature already drop abnormal TCP attack sessions from source IP of 104.173.79.233.

    So, you can see those messages shown on the log. It’s normal.



    And if you configure Black List on IP Reputation mean that the client behind LAN can’t access the IP of 104.173.79.233.

    If you would like to reject any traffic from this IP, you can add a security policy.



    Thanks.


    Untitled Image

    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,163  Zyxel Employee
    Third Anniversary 100 Answers 500 Comments Friend Collector
    Answer ✓

    Hi @xkp68

    Your ATP device’s ADP feature already drop abnormal TCP attack sessions from source IP of 104.173.79.233.

    So, you can see those messages shown on the log. It’s normal.



    And if you configure Black List on IP Reputation mean that the client behind LAN can’t access the IP of 104.173.79.233.

    If you would like to reject any traffic from this IP, you can add a security policy.



    Thanks.


    Untitled Image

    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

  • xkp68
    xkp68 Posts: 26  Freshman Member
    Second Anniversary First Comment
    Thank you very much

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)