How to block "hacker" ip if exist NAT rule
Ally Member
Hello.
1 Device - USG FLEX 200
2 We have NAT rule - 1234 external port to local x.x.x.x ip, 4321 local port service "RDP"
3 "Hacker" is brute this port from y.y.y.y.
Q:
USG is block y.y.y.y after 3 attempts, and unblock later, block again and unblock later :)
How create permanent rule for blocking y.y.y.y or y.y.y.y.y/24
All Replies
-
Make a Policy Control with new object address y.y.y.y for the source and action deny
0 -
Certainly, Policy was created after create nat rule. Priority -1 in policies.
Ip object was created, very uncomfortable create rules and object :) for each network.
Policy rule created and active, Source - Address Group
and
P.S.
I off policy log option after create image.
0 -
You can create an IP group that includes the blocked IP addresses(I mean y.y.y.y or y.y.y.y.y/24), and then create a security policy to block those IPs from accessing your public IP.
0
Guru Member
Freshman Member
Categories
- All Categories
- 429 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 350 USG FLEX H Series
- 291 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 406 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight
