Unusual number of sessions from NordVPN
My firewall is blocking all the sessions from NordVPN, but it still consumes the data. The attached screenshot is of 24hr activity; even though my servers are shut down, it is making sessions with my complete IP pool.
Labels: FortiGate
Could you please share the output for the below-mentioned commands?
config firewall policy
edit <policy id>
sh full
end
To check the policy ID, kindly check the related policy in the device GUI (Policy and objects >> Firewall policy/IPv4 policy).
May I know whether you created any rule, web filter or application control to block it?
ARUNKUMAR.R.
Hi Molaw,
in your firewall policy you are allowing "srcaddr all" to access your server.
Where exactly do you try to block NordVPN?
Can you show us this policy?
Best Regards
Dominik
NSE 4/5/7
At webfilter level, using regex.
Created on 05-26-2022 10:33 PM, edited on 05-26-2022 10:35 PM
Ok, but the firewall policy above is for accessing one of your servers from the internet.
If you don't want to have NordVPN users accessing your public servers, the webfilter is the wrong tool.
You could place a policy which contains the internet service database record "VPN-Anonymizing.VPN.Server" as source before your server access policy.
This could look like one of my policies:
If one IP from one of those sources arrives on my FortiGate, it will be blocked. This policy should be placed at the top of your ruleset, if possible.
Best Regards
Dominik
NSE 4/5/7
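One way to write the deny policy described in the post above in the FortiOS CLI, as an added example that is not part of the original thread. The policy name, the angle-bracket interface names and policy IDs are placeholders to fill in for your own device; the Internet Service name is the one quoted in the post and should be checked against the entries your FortiGate actually lists. The `#` lines are annotations and should be left out when pasting.

```fortios
# Deny inbound traffic whose source matches the Internet Service Database entry.
config firewall policy
    edit <new policy id>
        set name "Deny-VPN-Anonymizers"
        # Placeholder: the internet-facing interface
        set srcintf "<wan interface>"
        # Placeholder: the interface behind which the servers sit
        set dstintf "<server interface>"
        # Use an Internet Service entry as the source instead of "srcaddr all"
        set internet-service-src enable
        set internet-service-src-name "VPN-Anonymizing.VPN.Server"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action deny
        # Log denied sessions so the blocked sources remain visible
        set logtraffic all
    next
end

# Policies are evaluated top-down: move the deny above the existing
# policy that allows "srcaddr all" to reach the server.
config firewall policy
    move <new policy id> before <server policy id>
end
```

After applying it, the same `edit <policy id>` / `sh full` sequence requested earlier in the thread shows the resulting policy.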
Where can I make this policy?
