daknetworks.com

You are here: Blog Block IP Address on Sonicwall

Block IP Address on Sonicwall

Let's say you have an IP ADDRESS on the WAN trying to perform a DDOS or a SYN-FLOOD attack to your location. Even though you have the DDOS attack proxied via FIREWALL-SETTINGS > FLOOD-PROTECTION as "Proxy WAN client connection when attack is suspected", you still want to send a message that these types of activities will not be tolerated.

Or you find out that the WAN IP ADDRESS is most definitely malicious as in the following IP from OFFSHORE RACKS: 181.174.167.251

This IP ADDRESS happens to be a Russian forum for DARKMONEY.CC. I can't even read the web site. It's irrelevant at this point. I know it malicious.

To block the WAN IP ADDRESS:

  • -create an ADDRESS OBJECT (FIREWALL > ADDRESS OBJECTS).
  • -set the "Zone" as WAN.
  • -Navigate to the Firewall > Access Rules page.
  • -Select the WAN to LAN button to enter the Access Rules (WAN > LAN) page.
  • -Click Add to open the Add Rule window.
  • -Select DENY as the Action.
  • -Select ANY as the Service
  • -Select Source as the address object or group created earlier.
  • -Select ANY as the Destination
  • -Click Add and Close.

The above is adapted from here:
https://support.software.dell.com/kb/sw9982

The REAL-TIME-DEMO can be accessed here:
https://realtime.demo.sonicwall.com/main.html

Contact Dak Networks

We are not taking on new clients at this time.