OFIvolve
New Member
November 27, 2019
Question

External Malicious IPs hitting on WAN Interface

  • November 27, 2019
  • 1 reply
  • 2914 views
Hi,

I am seeing a lot of external malicious IPs as source in Traffic-Local logs to my WAN interface on port 80. How can I block a list of different external IPs on my WAN interface? If I configure a local-in-policy for blocking port 80 on the WAN interface, will it block my other traffic for port 80? We are running an application on both port 80 and 443.

Regards

    1 reply

    ede_pfau
    SuperUser
    November 27, 2019

    Well, port 80 (and port 443) open on a firewall's external port should be very, very well weighted. Sometimes you can shift those well-known port numbers to a high range (50000+), letting the VIP 'down transform' that to the original port on the inside.

    Apart from that, you could tailor the local-in policy with appropriate source address (whitelisting) instead of 'all'. Other than that, consider using a secure access via VPN. I take it that you have already disabled HTTP and HTTPS access on the WAN port, of course.
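A FortiOS CLI sketch of the source-restricted local-in policy mentioned in the reply above, with a deny entry for a list of unwanted sources. This is an added example, not part of the original thread: the interface name `wan1`, the object names and the addresses (documentation ranges) are assumptions. Local-in policies match traffic addressed to the FortiGate itself.

```fortios
# Constructed sample sources to block (RFC 5737 documentation addresses)
config firewall address
    edit "blk-src-1"
        set subnet 203.0.113.10 255.255.255.255
    next
    edit "blk-src-2"
        set subnet 198.51.100.0 255.255.255.0
    next
end

# Group the entries so the policy references a single object
config firewall addrgrp
    edit "blk-src-group"
        set member "blk-src-1" "blk-src-2"
    next
end

# Deny HTTP/HTTPS to the FortiGate's own WAN address from the listed sources
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "blk-src-group"
        set dstaddr "all"
        set service "HTTP" "HTTPS"
        set schedule "always"
        set action deny
        set status enable
    next
end

# Review what is configured
show firewall local-in-policy
```

For the whitelisting variant, put the trusted sources in an address group, reference it in an accept entry, and follow it with a deny entry for `all`.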

    OFIvolve
    Author
    New Member
    November 27, 2019

    If I configure a local-in-policy for blocking port 80 on the WAN interface, will it block my other traffic for port 80?