What is the best way to block an external IP trying to connect to services like IKE ?
I tried to create the following policy with no luck! :
Incoming interface WAN1
Outgoing interface? (IPSEC_VPN or Internal, or ....?) tried both
Source IP address: is set to mach the range of IP that I want to block
Destination addres : is set to all
The policy is placed at the very top
Also I tried to config the Local-In_policy as follows
set intf WAN1set srcaddr <Group_of_blocked_addresses>set dstaddr <All>set service <IKE>set schedule <Always>
I tried to set the action to deny but it wont accept it!
Any ideas how this is accomplished!! I came from Juniper and denying external IP's was not a project!
Forgot to mention that I limited access to the device by setting the trusted sources to my internal IPs in the admin section to enhance the device security.
post edited by SamH - 2017/04/22 02:18:42