Firewall rules and IDS / IPS question - still get notifications

Firewall and IDS / IPS question. Novice at networking. Have IDS / IPS enabled, notifications active at high level, medium at block level. I receive daily Intrusion Detection Alerts, typically with my son’s PC as target IP address. Over time, many have repeated source IP (external). I have established firewall rules to Reject incoming traffic from repeat offenders (and some across the related subnet, ex. 23.33.44.0/24, zone in = WAN). I continue to get Intrusion Detection Alerts for these addresses, even though there is a firewall rule to block them. Is this behavior expected, is my rule ineffective, or is it something else?

Post a screenshot of the rules

  • unlimited

    and no events in log for some time, although alerts continue to occur

Could there be a rule allowing the traffic at a higher priority?

Great question. There are a few explicit allows above these rules (ex. allow ping, allow DHCPv6, allow DNS, etc.). I will move the explicit denies to the top and see how that goes.
THANK YOU for the reply.
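The ordering question raised in the last two replies, as an added example that is not part of the original thread: a small model that assumes first-match-wins rule evaluation (an assumption, since the thread does not name the firewall) and reports which reject rules sit below an allow that can match first. The rule names, the `Rule` type and the helper functions are constructed for illustration; the 23.33.44.0/24 subnet is the one quoted in the question.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "reject"
    src: str                     # source CIDR; "0.0.0.0/0" means any
    proto: str = "any"           # "any", "icmp", "tcp" or "udp"
    dport: Optional[int] = None  # None means any port

def matches(rule, src_ip, proto, dport=None):
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))

def first_match(rules, src_ip, proto, dport=None):
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if matches(rule, src_ip, proto, dport):
            return rule.action, rule.name
    return "reject", "implicit default"  # assumed default action

def shadowed_rejects(rules):
    """Pairs (reject, earlier allow) where the allow can match first."""
    found = []
    for i, rej in enumerate(rules):
        if rej.action != "reject":
            continue
        rej_net = ipaddress.ip_network(rej.src)
        for early in rules[:i]:
            if (early.action == "allow"
                    and ipaddress.ip_network(early.src).overlaps(rej_net)
                    and (early.proto == rej.proto or "any" in (early.proto, rej.proto))
                    and (early.dport == rej.dport or None in (early.dport, rej.dport))):
                found.append((rej.name, early.name))
    return found

def rejects_first(rules):
    """Stable reorder: explicit rejects move above everything else."""
    return sorted(rules, key=lambda r: r.action != "reject")

# Constructed rule set mirroring the thread: allows sit above the reject.
RULES = [
    Rule("allow ping", "allow", "0.0.0.0/0", proto="icmp"),
    Rule("allow DNS", "allow", "0.0.0.0/0", proto="udp", dport=53),
    Rule("reject repeat offenders", "reject", "23.33.44.0/24"),
]
```

With the allows on top, ICMP and UDP/53 from the rejected subnet are still accepted; after `rejects_first` the reject rule decides for every packet from that subnet.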
