I_Hoffmann
New Contributor

strange IPS blocking behavior

Hi, we have a mail server sitting behind a FG200B; the FG is running Firmware 4 MR1 Patch 4 Build 196. We have created a VIP and a firewall policy to lead all traffic coming into the FG on ports 110 and 25 to our mail server. That works without any problem. We also attached a protection profile to that rule. That profile includes an IPS sensor with some rules to protect the mail server. One of those rules is the POP3.login.failed rule.

For testing I have a test machine outside of our network. When I try to connect to our mail server from the test machine and use wrong credentials, I see in the FG logs that a failed login occurred, and in the web UI under User I also see the IP address being banned. That's the wanted behavior.

Now to the strange thing. Although the IP I use is banned, I'm still able to connect to the server. I'm also able to input credentials, and the mail server is answering according to my inputs. The computer I was trying to connect from also has a POP3 service running. So I tried to connect from our mail server to this test machine, and I was not able to get connected. When I delete the banned IP, I can connect from the test client to the server and vice versa. So I think the ban procedure bans the wrong way.

For testing purposes I tried another rule, the POP3.Unknown.Command rule. When I connect from the test machine to our server and use just some "Enter" commands, the FG correctly detects that unknown commands were flowing to the server and installs a blocking rule. I can see it under User -> Banned IPs. And now I am not able to connect from the test machine to the mail server any more. That's the behavior I also want to happen from the Failed.Login rule.

Can anyone explain this to me? Or is anyone able to reproduce that behavior?

Thanks in advance,
i. hoffmann
Not applicable

Hi, are you using the "protect_Mail_Server" IPS sensor or did you create a custom sensor? What expiry time did you set for the banned IP?
I_Hoffmann
New Contributor

Hi, I took the "protect_Mail_Server" sensor. Expiry is set to 10 minutes.
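A lab check for the behaviour the thread describes, added here as an example and not code from the thread or from Fortinet. Run from the external test machine against your own mail server: it records whether POP3 is reachable, sends one deliberately failed login so the POP3.login.failed signature fires, waits for the quarantine to be installed, and probes again. The hostname, the throwaway credentials and the settle time are assumptions.

```python
# Added example: verify that an IPS quarantine actually blocks the client that
# triggered it. Not from the forum thread or Fortinet; hostname, credentials and
# settle time are assumptions to be adjusted for your own lab.
import socket
import time
from typing import Callable, Optional

POP3_PORT = 110

def tcp_reachable(host: str, port: int = POP3_PORT, timeout: float = 5.0) -> bool:
    """True if a TCP handshake to host:port completes; a quarantined client should fail here."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def pop3_failed_login(host: str, user: str = "nosuchuser", password: str = "wrong",
                      timeout: float = 5.0) -> Optional[str]:
    """Send USER/PASS with bad credentials and return the server's reply to PASS
    (expected to start with '-ERR'), or None if no session could be opened."""
    try:
        with socket.create_connection((host, POP3_PORT), timeout=timeout) as s:
            s.recv(512)                                    # +OK greeting
            s.sendall(f"USER {user}\r\n".encode()); s.recv(512)
            s.sendall(f"PASS {password}\r\n".encode())
            reply = s.recv(512).decode(errors="replace").strip()
            s.sendall(b"QUIT\r\n")
            return reply
    except OSError:
        return None

def verify_ban(server: str, probe: Callable[[str], bool] = tcp_reachable,
               trigger: Callable[[str], Optional[str]] = pop3_failed_login,
               settle_seconds: float = 5.0) -> dict:
    """Compare reachability before and after the trigger. probe/trigger are
    injectable so the logic can be exercised without a real mail server."""
    before = probe(server)
    reply = trigger(server)
    time.sleep(settle_seconds)                             # assumed time for the IPS to install the ban
    after = probe(server)
    return {"reachable_before": before, "login_reply": reply,
            "reachable_after": after, "ban_effective": before and not after}

if __name__ == "__main__":
    import sys
    print(verify_ban(sys.argv[1]))                         # usage: python check_ban.py mail.example.test
```

To check the reverse direction the poster saw, call `tcp_reachable(<test client>)` from the mail server while the ban is active; with the expected semantics that connection should still succeed and the client's should not.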