  1. #1
    Untanglit
    Join Date
    Jul 2021
    Posts
    27

    Why is traffic from China not being blocked?

    I was looking around in the Threat Prevention logs and saw this:

    china not blocked by firewall.png

    If I'm reading that right, 'Firewall Blocked - false' means the firewall didn't catch this.

    But the Threat Prevention module did..... as it says 'true'. Here is the firewall rule:

    china firewall rule.png

    Am I misinterpreting the data or is my firewall rule misconfigured? I'm following this guide: https://support.untangle.com/hc/en-u...ecific-country

  2. #2
    That Which Lurks Below
    Join Date
    Jul 2018
    Posts
    143

    Threat Prevention got to it first. By the time the Firewall app saw the traffic, it had already been blocked, so there was no need for the Firewall app to take any action.

    App processing is more or less simultaneous, meaning that the session is fed to the UVM (the Untangle Virtual Machine, where the apps operate) and all the apps have at it at the same time. Since each app is looking for/at different qualities, there's no overlap. Sometimes a particular app acts on a session before another has the chance, in which case there's no reason for the 'slower' app to do anything.
    hpaunet and balrog like this.
    Græme Ravenscroft • Technical Marketing Engineer
    ('gram', like the unit of measurement)
    he/him
    Please don't reboot your NGFW.
    How can we make Arista ETM products better?
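
The reply above means that 'Firewall Blocked - false' next to 'Threat Prevention Blocked - true' is expected, and only sessions that no app blocked suggest the country rule is not matching. The following added example (not part of the original thread and not Untangle's own code) sorts exported session events on that basis; the column names and sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample export of session events. The column names are assumptions
# made for this example, not a documented Untangle schema.
SAMPLE_CSV = """session_id,client_country,firewall_blocked,threat_prevention_blocked
1001,CN,false,true
1002,CN,true,false
1003,CN,false,false
1004,US,false,false
1005,CN,true,true
1006,US,false,true
"""


def _flag(value):
    """Parse a boolean column as exported text."""
    return value.strip().lower() in ("true", "t", "1")


def classify(row):
    """Say which app, if any, recorded the block for one session."""
    fw = _flag(row["firewall_blocked"])
    tp = _flag(row["threat_prevention_blocked"])
    if fw and tp:
        return "both"
    if tp:
        return "threat_prevention_only"  # the case shown in the question
    if fw:
        return "firewall_only"
    return "not_blocked"


def audit_country(csv_text, country):
    """Group session ids whose client country matches by blocking app."""
    result = {"both": [], "threat_prevention_only": [],
              "firewall_only": [], "not_blocked": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["client_country"].strip().upper() == country.upper():
            result[classify(row)].append(int(row["session_id"]))
    return result


if __name__ == "__main__":
    report = audit_country(SAMPLE_CSV, "CN")
    for outcome, ids in report.items():
        print(f"{outcome:24} {ids}")
    # Only sessions that no app blocked point at a rule that is not matching.
    print("rule needs review:", bool(report["not_blocked"]))
```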

  3. #3
    Untangler
    Join Date
    Mar 2018
    Location
    Toronto, Ontario
    Posts
    99

    Quote Originally Posted by road hazard View Post
    I was looking around in the Threat Prevention logs and saw this:

    china not blocked by firewall.png

    If I'm reading that right, 'Firewall Blocked - false' means the firewall didn't catch this.

    But the Threat Prevention module did..... as it says 'true'. Here is the firewall rule:

    china firewall rule.png

    Am I misinterpreting the data or is my firewall rule misconfigured? I'm following this guide: https://support.untangle.com/hc/en-u...ecific-country
    You might as well add Russia, North Korea and Iran. Combined, 51% of global cyber attacks originate there. Not foolproof, but at least better than nothing.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,546

    Quote Originally Posted by balrog View Post
    You might as well add Russia, North Korea and Iran. Combined, 51% of global cyber attacks originate there. Not foolproof, but at least better than nothing.
    I've given up on GeoIP filtration; Threat Prevention does all this for me and it's a MUCH better solution to the problem.

    Though dang, it can be a royal pain in the arse sometimes. Like when it decides to hate a Cloudflare proxy IP!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
