How to properly block an IP

Options
xkp68
xkp68 Posts: 26  Freshman Member
First Anniversary First Comment
edited April 2021 in Security
Hi,
from the log of the firewall i can see attack detected from a specific IP




So i decided to add the ip in the blacklist in the reputation filter



But still i see the even in the log.


Am i doing something wrong?
Thanks in advance.
Filippo

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,131  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @xkp68

    Your ATP device’s ADP feature already drop abnormal TCP attack sessions from source IP of 104.173.79.233.

    So, you can see those messages shown on the log. It’s normal.



    And if you configure Black List on IP Reputation mean that the client behind LAN can’t access the IP of 104.173.79.233.

    If you would like to reject any traffic from this IP, you can add a security policy.



    Thanks.

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,131  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @xkp68

    Your ATP device’s ADP feature already drop abnormal TCP attack sessions from source IP of 104.173.79.233.

    So, you can see those messages shown on the log. It’s normal.



    And if you configure Black List on IP Reputation mean that the client behind LAN can’t access the IP of 104.173.79.233.

    If you would like to reject any traffic from this IP, you can add a security policy.



    Thanks.
  • xkp68
    xkp68 Posts: 26  Freshman Member
    First Anniversary First Comment
    Options
    Thank you very much

Security Highlight