DesertsofArizona

asked on

How do I block an incoming IP address using SonicWall TZ-170?

On our SBS 2003 server under the Event Viewer I am seeing 2-3 failed authentications every second for the last 14 hours.  I took a look at the LogFiles to find the source of the IP that appears to be attempting to hack their way in.  So, I wanted to block that IP address and created a rule in SonicWall saying:

Source: 220.231.xxx.xxx (WAN)
Destination: *
Services: Any
Action: Deny

But, after I create it, I check the Event Viewer and they are still trying to hack in.  Did I create my rule incorrectly or is there something else I need to do?  Any help is appreciated.  Thanks.
maytrix

Does this rule appear above the rules that would allow them to access the network?  If there is a rule allowing access first, then this address will get in.
DesertsofArizona

ASKER

I have about a dozen rules above them for different backend software that is used.  How do I move it up?  I have not seen how other than changing the Service to IDK but that did not seem to stop them either.
I don't have a SonicWall interface in front of me, but I thought there was a link to prioritize them on the left side of the rules.
Maybe I have an older version but I do not have the up/down arrows to the left to assign the priority.
I seem to remember you could drag and drop to reprioritize the rules on the TZ170. Either that or you enter a rule number when editing.

KuoH
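
The rule-order point raised in the replies above, as an added example that is not part of the original thread and not SonicWall's own code: a simplified first-match model that reports which earlier rule pre-empts a deny rule placed below the allow rules. The rule names, service names, the implicit default deny and the address 203.0.113.45 are constructed assumptions.

```python
"""First-match evaluation of an ordered rule list (simplified model, constructed data)."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    source: str   # CIDR string or "any"
    service: str  # service name or "any"
    action: str   # "allow" or "deny"

    def matches(self, src_ip: str, service: str) -> bool:
        src_ok = self.source == "any" or (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source))
        return src_ok and self.service in ("any", service)

def evaluate(rules, src_ip, service):
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(src_ip, service):
            return rule.action, rule.name
    return "deny", "implicit-default"  # assumed default for unmatched WAN traffic

def shadowed_services(rules, rule_name, src_ip, services):
    """Map each service to the earlier rule that pre-empts `rule_name` for src_ip."""
    target = next(r for r in rules if r.name == rule_name)
    shadowed = {}
    for svc in services:
        _, winner = evaluate(rules, src_ip, svc)
        if target.matches(src_ip, svc) and winner != rule_name:
            shadowed[svc] = winner
    return shadowed

ATTACKER = "203.0.113.45"  # constructed documentation address, not the IP from the thread
SERVICES = ["HTTPS", "SMTP", "RDP", "FTP"]  # constructed service names
ALLOWS = [Rule("allow-https", "any", "HTTPS", "allow"),
          Rule("allow-smtp", "any", "SMTP", "allow"),
          Rule("allow-rdp", "any", "RDP", "allow")]
BLOCK = Rule("block-attacker", ATTACKER + "/32", "any", "deny")
BLOCK_LAST = ALLOWS + [BLOCK]    # deny rule below the allow rules, as in the question
BLOCK_FIRST = [BLOCK] + ALLOWS   # deny rule moved to the top priority

if __name__ == "__main__":
    for label, rules in (("deny rule last", BLOCK_LAST), ("deny rule first", BLOCK_FIRST)):
        print(label)
        for svc in SERVICES:
            print("  ", svc, evaluate(rules, ATTACKER, svc))
        print("   pre-empted by:",
              shadowed_services(rules, "block-attacker", ATTACKER, SERVICES))
```

With the deny rule last, every published service is still decided by its allow rule; only traffic no allow rule matches reaches the deny rule.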
ASKER CERTIFIED SOLUTION
m-bates
