I have recently rolled out a security appliance and I was alerted to traffic coming in from a country I block in my Layer 7 rules (To/From traffic). I found the IP block in ARIN and set a block for the entire range. I noticed that the Forwarding Rules section listed "Allowed Remote IPs" and I was wondering if the port forwarding rules ignore certain Layer 7 rules?
After I added the remote IP range to the Layer 7 rules, the traffic did stop.
Is it that the block-country rules are too general and the firewall may only perform a best effort so as not to get overwhelmed by requests?
Thanks for any light shedding that can be performed.