Fortinet Forum
Molaw
New Contributor

Unusual number sessions from nordvpn

20220523_221142.jpg

My firewall is blocking all the sessions from NordVPN, but it still consumes the data. The attached screenshot shows 24 hours of activity; even though my servers are shut down, it is making sessions with my complete IP pool.

akumarr
Staff

Could you please share the output for the below-mentioned commands?

config firewall policy
edit <policy id>
sh full
end

To find the policy ID, kindly check the related policy in the device GUI (Policy and objects >> Firewall policy/IPv4 policy).

May I know whether you created any rule, web filter or application control to block it?

Best regards,
ARUNKUMAR.R.
Molaw
New Contributor

112233

 

bommi
Contributor III

Hi Molaw,

 

In your firewall policy you are allowing "srcaddr all" to access your server.

 

Where exactly do you try to block NordVPN?

Can you show us this policy?

 

Best Regards

Dominik

NSE 4/5/7

Molaw
New Contributor

At the webfilter level, using regex.

bommi
Contributor III

OK, but the firewall policy above is for accessing one of your servers from the internet.

If you don't want to have NordVPN users accessing your public servers, the webfilter is the wrong tool.

 

You could place a policy which contains the internet service database record "VPN-Anonymizing.VPN.Server" as source before your server access policy.

 

This could look like one of my policies:

bommi_0-1653629599278.png

 

If one IP from one of those sources arrives on my FortiGate, it will be blocked. This policy should be placed at the top of your ruleset, if possible.

 

Best Regards

Dominik

NSE 4/5/7
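
A CLI sketch of the deny policy described in the reply above, added here as an example; it is not taken from the poster's screenshot or configuration. The interface names, policy name and angle-bracket policy IDs are placeholders, and the `internet-service-src` options assume FortiOS 6.2 or later.

```fortios
config firewall policy
    edit <new policy id>
        set name "Deny-VPN-Anonymizers"
        # Placeholder interfaces: internet-facing port in, server-side port out
        set srcintf "wan1"
        set dstintf "dmz"
        # Match the source against the Internet Service Database instead of srcaddr
        set internet-service-src enable
        set internet-service-src-name "VPN-Anonymizing.VPN.Server"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action deny
        # Assumption: the servers are published through VIPs. On releases where
        # this option exists and is off by default, a deny policy with
        # dstaddr "all" does not match VIP traffic unless it is enabled.
        set match-vip enable
        # Log denied sessions so the effect is visible in the traffic log
        set logtraffic all
    next
    # Policies are evaluated top-down: put the deny ahead of the allow rule
    move <new policy id> before <server policy id>
end
```

Sessions denied by this policy are still attempts arriving on the WAN link, so they remain visible in logs and session counts even though nothing behind the firewall answers them.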

Molaw
New Contributor

Where can I make this policy?

Molaw
New Contributor

webfilter.PNG

Molaw
New Contributor

sessions.PNG