How to block "hacker" ip if exist NAT rule
Ally Member
Hello.
1 Device - USG FLEX 200
2 We have NAT rule - 1234 external port to local x.x.x.x ip, 4321 local port service "RDP"
3 "Hacker" is brute this port from y.y.y.y.
Q:
USG is block y.y.y.y after 3 attempts, and unblock later, block again and unblock later :)
How create permanent rule for blocking y.y.y.y or y.y.y.y.y/24
All Replies
-
Make a Policy Control with new object address y.y.y.y for the source and action deny
0 -
Certainly, Policy was created after create nat rule. Priority -1 in policies.
Ip object was created, very uncomfortable create rules and object :) for each network.
Policy rule created and active, Source - Address Group
and
P.S.
I off policy log option after create image.
0 -
You can create an IP group that includes the blocked IP addresses(I mean y.y.y.y or y.y.y.y.y/24), and then create a security policy to block those IPs from accessing your public IP.
0
Guru Member
Freshman Member
Categories
- All Categories
- 439 Beta Program
- 2.7K Nebula
- 190 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 466 USG FLEX H Series
- 305 Security Ideas
- 1.6K Switch
- 82 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 281 Service & License
- 440 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight
