Good Day, I have recently rolled out a security appliance and I was alerted to traffic coming in from a country I block in my Layer 7 rules (To/From traffic). I found the IP block in ARIN and set a block for the entire range. I noticed that the Forwarding Rules section listed "Allowed Remote IPs" and I was wondering if the port Forwarding rules ignore certain Layer 7 rules? After I added the remote ip range to the Layer 7 rules the traffic did stop. Is it that the block Country rules are too general and the firewall may only perform a best effort as to not get overwhelmed by requests? Thanks for any light shedding that can be performed.
... View more
I hope I am not being dense. The way I understand connections through the MX is once a connection is made it is kept alive until one end drops the connection. Is there anyway to force the drop from the MX end other than disconnecting the WAN? For instance, a user has their VPN connection active through the MX and I want to disconnect them from my side. Say a user is being terminated or a malicious entity has somehow gotten in through one of the connected clients. Is there anyway to drop their traffic? I tried through a Layer 3 rule, denying traffic from their IP, but the session was already connected and the endpoint still showed traffic. Luckily this time it was a test. Thanks for any light you can shine...
... View more