Firewall config for single static IP
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Other than viewing the silent tutorial video, can anyone explain the main simple steps (Omada functions) for configuring a the firewall to block ssh attempts for all ports of a specific IP address. I used both the hardware and cloud based controller. I am getting reports from a local server that login attempts are happening every night at a specific time from an IP address in a far away country. While I have disabled the service on the server for a specific time period, I would like to stop the attack before it reaches the server.
Thanks for posting in our business forum.
OK. So, if you want to block this, currently, you can use ACL.
In the future firmware update, there will be IDS/IPS which may be helpful for you. But the ACL should also help you make this happen.
ACL scheme:
Direction = WAN IN
The source can be Geo IP if you have this GeoIP on V5.12 Controller. Or you can set up a group of IP addresses
It's not necessary to use what I have. The version is controller V5.12.
Like I said you can use the WAN-IN ACL with the IP-Port group to implement what you need. If you don't bother to take a look at it by yourself, then there is nothing else I can offer.
I think you did not understand. The dst port is still 22, you can still block src IP(his regional subnet) and src port 0-65535.
You cannot block all src IPs because this even blocks you from accessing SSH. This is the dilemma of port forwarding. Anyone who knows your IP address can access this port. What you can do best is to set up ACL to block known or regional subnets. Or use VPN then.