BNDP
New Member
January 3, 2020
Question

Unwanted traffic on outgoing policy with FG-300C FW with 5.2.11 V


Hi,

I am facing an issue where unwanted traffic from different countries is being accepted on my outgoing policy.

Actually I have restricted the traffic from only specific countries but beyond that traffic is generating.

Whenever I clear the sessions of those specific IPs, the traffic is denied for the next 10 to 15 min.

But again, after that 20 min time period, unwanted traffic is being generated.


Please help with this.

    1 reply

    Dave_Hall
    New Member
    January 3, 2020

    Create Geography-based address labels then group them into a list of countries you want blocked.  Then:

    1. create a firewall policy from inside (e.g. lan) going out (e.g. WAN1) using the "block countries" group as the dest address.  Move this policy to the top of the firewall chain.

    2. For blocking unwanted traffic from countries in the reverse direction (or from hitting the fgt's public IP address) - enable Local-In policies then (in the CLI) create a Local-In policy that blocks the "block countries" group (source).


    Number #2 above is tricky if you have servers running internally that need to (receive) communications from other countries. (e.g. mail server).
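
The two steps in the reply above, written out as a FortiOS CLI sketch; this is an added example, not configuration posted by anyone in the thread. The country codes "XX"/"YY", the address names "geo-XX"/"geo-YY", the interface names "lan"/"wan1" and the local-in policy ID 1 are assumptions to replace with your own values.

```fortios
# Geography-based address objects, one per country to block.
# "XX" and "YY" are placeholders for two-letter country codes.
config firewall address
    edit "geo-XX"
        set type geography
        set country "XX"
    next
    edit "geo-YY"
        set type geography
        set country "YY"
    next
end
# Group the geography objects into the "block countries" list.
config firewall addrgrp
    edit "block countries"
        set member "geo-XX" "geo-YY"
    next
end
# Step 1: deny traffic from inside going out to the blocked group.
# "edit 0" creates the policy under the next free policy ID.
config firewall policy
    edit 0
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "block countries"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    # Move the new policy to the top of the chain, using your real IDs:
    # move <new-policy-id> before <current-first-policy-id>
end
# Step 2: local-in policy dropping traffic from the group that is
# addressed to the FortiGate itself. ID 1 is assumed to be unused.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "block countries"
        set dstaddr "all"
        set action deny
        set service "ALL"
        set schedule "always"
    next
end
```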


    emnoc
    New Member
    January 3, 2020

     Actually I have restricted the traffic from only specific countries but beyond that traffic is generating.  

    I would 1st have him look at his policy(s). If the policy is matching and then not matching or vice-versa, then the traffic is changing or the policy is not correct.

    It is either correct or not correct. He can adjust the policy to meet his needs.

    Ken Felix