unknown IP Address

You have a few options... If you want to restrict access to internal resources to prevent certain IPs from even trying to log in, you could employ a local-in policy: config firewall local-in-policy edit 0 set intf wan1 //--as one example set srcaddr blocked_range set dstaddr protected_servers //-- or " all" set service ALL set schedule always set action deny end This would require you to create address objects beforehand to represent at least the blocked IPs (or subnets, or countries, which may help), if not also the protected servers. You could also apply source address restrictions to an inbound policy, but with the caveat that these packets will still be processed by the CPU up until the point where they match the deny policy. With DoS attacks, this deny often comes too late.

If it' s management traffic that does not pass through firewall policies. If so, and it' s trying to login to your Firewall you need to configure the Trusted host settings for all admin users so that they only allow specific IPs and/or subnets.

What traffic are you seeing from unknown sources and is it external or internal origin?