I've responded to you twice and my messages aren't getting posted for some reason. I'll try again. I'm seeing a consistent trickle of failed authentication attempts on our Exchange server. It's nothing major, around 20 / hour, but after the HAFNIUM attacks last March, I'm trying to be more proactive about blocking these IP addresses. We've got a 1:1 NAT allowing TCP ports 25, 443 & 587 to our Exchange server. We've also got a 1:1 NAT allowing TCP 443 & UDP 500/4500 to our VPN server. I tried your ping test from our Exchange server and despite having rules denying traffic to 141.98.11.0/24, Lithuania & explicitly blocking 141.98.11.13, the ping is still successful. We're on version MX 17.6, if that makes a difference.

Edit: We have 5 MX Appliances. 2 with 1:1 NAT and 3 with no NAT forwarding rules. The only appliance on which the Layer 7 firewall rules do not work as expected is the one I originally posted about.