Help blocking IPSEC ESP Requests
Hi,
I am new to this forum. I own an older model (60C) and run the latest available firmware, 5.2.15.
I always get these e-mails:
Message meets Alert condition date=2020-01-06 time=06:09:26 devname=FGT60C-xxx devid=FGT60Cxxx logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=45.79.106.170 locip=x.x.x.x remport=38958 locport=500 outintf="wan1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status=esp_error error_num="Received ESP packet with unknown SPI." spi="47455420" seq="2f204854"
I have already configured Local-In Policies, as described in several articles, to block ports 500, 4500 and so on. I tested blocking ICMP traffic from outside with a Local-In Policy and that worked. Is there a way to stop these attacks or completely disable IPsec? I don't need IPsec VPN, I am using SSL VPN.

Thank you

Here is my Local-In configuration (the first rule was just for testing):

config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "Work"
        set dstaddr "WAN"
        set action accept
        set service "IKE"
        set schedule "always"
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "WAN"
        set service "IKE"
        set schedule "always"
    next
    edit 3
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "WAN"
        set service "ESP"
        set schedule "always"
    next
    edit 4
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "WAN"
        set service "AH"
        set schedule "always"
    next
    edit 5
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "WAN"
        set service "GRE"
        set schedule "always"
    next
end
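An added example, not part of the original post and not Fortinet code: the spi and seq values in the alert above are the eight bytes the firewall read as an ESP header, and this Python code parses such a line and reports when those bytes are printable ASCII, which points to plain-text probe traffic on the port rather than a real ESP packet. The sample line is the post's alert trimmed to the fields used; the function names and the left-padding of short hex values are assumptions.

```python
import re

# Constructed sample: the alert from the post, trimmed to the fields used here.
SAMPLE = ('logid=0101037131 type=event subtype=vpn level=error '
          'remip=45.79.106.170 remport=38958 locport=500 status=esp_error '
          'error_num="Received ESP packet with unknown SPI." '
          'spi="47455420" seq="2f204854"')

# key=value pairs; a value is either double-quoted or a run of non-space characters.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv(line):
    """Split a key=value log line into a dict, dropping the quotes around values."""
    return {k: q if u == "" else u for k, q, u in KV.findall(line)}

def esp_header_bytes(fields):
    """Return the 8 bytes logged as SPI + sequence number, or None if unusable.
    Assumption: each field holds up to 8 hex digits; shorter values are left-padded."""
    try:
        return bytes.fromhex(fields["spi"].zfill(8) + fields["seq"].zfill(8))
    except (KeyError, ValueError):
        return None

def classify(line):
    """Return None for lines that are not ESP errors, else a verdict dict."""
    fields = parse_kv(line)
    if fields.get("status") != "esp_error":
        return None
    raw = esp_header_bytes(fields)
    if raw is None:
        return None
    # A real SPI and sequence number are binary values; eight printable
    # characters in a row suggest a text protocol was sent to the port.
    printable = all(0x20 <= b < 0x7F for b in raw)
    return {
        "remip": fields.get("remip"),
        "locport": fields.get("locport"),
        "ascii": raw.decode("ascii") if printable else None,
        "verdict": "plain-text probe, not ESP" if printable else "binary, possibly ESP",
    }

if __name__ == "__main__":
    print(classify(SAMPLE))
```

For the alert quoted in the post, the decoded bytes are `GET / HT`, the start of an HTTP request line.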
Hi and welcome to the forums. Try this as a starting point:
https://forum.fortinet.com/tm.aspx?m=177311&tree=true
Best
________________________________________________________
--- NSE 4 ---
________________________________________________________
