How to block "hacker" ip if exist NAT rule
Ally Member
Hello.
1 Device - USG FLEX 200
2 We have NAT rule - 1234 external port to local x.x.x.x ip, 4321 local port service "RDP"
3 "Hacker" is brute this port from y.y.y.y.
Q:
USG is block y.y.y.y after 3 attempts, and unblock later, block again and unblock later :)
How create permanent rule for blocking y.y.y.y or y.y.y.y.y/24
All Replies
-
Make a Policy Control with new object address y.y.y.y for the source and action deny
0 -
Certainly, Policy was created after create nat rule. Priority -1 in policies.
Ip object was created, very uncomfortable create rules and object :) for each network.
Policy rule created and active, Source - Address Group
and
P.S.
I off policy log option after create image.
0 -
You can create an IP group that includes the blocked IP addresses(I mean y.y.y.y or y.y.y.y.y/24), and then create a security policy to block those IPs from accessing your public IP.
0
Guru Member
Freshman Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
