Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
203
Views
1
Helpful
2
Replies

IPs that are blocked by policy, still able to make VPN attempts

Go to solution
codewize
Level 1
Level 1

‎02-26-2024 08:40 PM

FP1010 locally managed
I have a policy at the top of my list blocking certain IPs
However, I see in the logs that IPs on that list are still able to make remote access attempts via WebVPN and get rejected because the user doesn't exist.

Why are they even able to get that far?

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP

‎02-26-2024 08:45 PM - edited ‎02-26-2024 09:22 PM

The policy effect traffic pass through not traffic direct into ftd' what you want is acl control-plane that deny these IP.

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221469-configure-control-plane-access-control-p.html

 

MHM

View solution in original post

0 Helpful
2 Replies 2

Go to solution
MHM Cisco World
VIP
VIP

‎02-26-2024 08:45 PM - edited ‎02-26-2024 09:22 PM

The policy effect traffic pass through not traffic direct into ftd' what you want is acl control-plane that deny these IP.

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221469-configure-control-plane-access-control-p.html

 

MHM

0 Helpful

Go to solution
codewize
Level 1
Level 1
In response to MHM Cisco World

‎02-27-2024 07:20 AM - edited ‎02-27-2024 07:22 AM

Oh, never mind, I see. Duh. Sorry.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card