How to properly block an IP

xkp68
xkp68 Posts: 26  Freshman Member
First Comment Second Anniversary
edited April 2021 in Security
Hi,
from the log of the firewall i can see attack detected from a specific IP




So i decided to add the ip in the blacklist in the reputation filter



But still i see the even in the log.


Am i doing something wrong?
Thanks in advance.
Filippo

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,317  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Hi @xkp68

    Your ATP device’s ADP feature already drop abnormal TCP attack sessions from source IP of 104.173.79.233.

    So, you can see those messages shown on the log. It’s normal.



    And if you configure Black List on IP Reputation mean that the client behind LAN can’t access the IP of 104.173.79.233.

    If you would like to reject any traffic from this IP, you can add a security policy.



    Thanks.

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,317  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Hi @xkp68

    Your ATP device’s ADP feature already drop abnormal TCP attack sessions from source IP of 104.173.79.233.

    So, you can see those messages shown on the log. It’s normal.



    And if you configure Black List on IP Reputation mean that the client behind LAN can’t access the IP of 104.173.79.233.

    If you would like to reject any traffic from this IP, you can add a security policy.



    Thanks.
  • xkp68
    xkp68 Posts: 26  Freshman Member
    First Comment Second Anniversary
    Thank you very much

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)