06-07-2021 04:41 AM
Hello Community,
Is it possible to block or blacklist an IP address for using client VPN on an FTD using FMC?
I can see the connections via packet tracer, but I did not see them in the connection events.
I tried to configure a prefilter rule and a global blacklist for that IP with no effect.
Any ideas?
06-07-2021 05:34 AM
A pre-filter or ACP rule is for traffic "through" the FTD, not "to" the FTD for VPNs. You'll need to use a control plane ACL inbound on the outside interface, this can currently only be done using Flexconfig.
Here is an example:
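As an added illustration (not the original poster's attachment, and not Cisco's own documentation), the FlexConfig object for the answer above would deploy lines like the following to the FTD. The ACL name CP-VPN-BLOCK and the address 203.0.113.45 are placeholders I chose; the address is from the RFC 5737 documentation range and must be replaced with the real source to be blocked.

```cisco
! Constructed example of a control-plane ACL for FlexConfig (not from the thread).
! Block the named source from reaching the FTD's own outside interface (RA-VPN, IKE, SSL, etc.).
access-list CP-VPN-BLOCK extended deny ip host 203.0.113.45 any
! A control-plane ACL ends in an implicit deny, so the remaining "to-the-box" traffic
! (legitimate VPN clients, management) must be explicitly permitted.
access-list CP-VPN-BLOCK extended permit ip any any
! The "control-plane" keyword applies the ACL to traffic destined TO the interface,
! which is why a normal ACP or prefilter rule (traffic THROUGH the box) never matched.
access-group CP-VPN-BLOCK in interface outside control-plane
```

After deployment, confirm the binding and watch the hit count on the deny line from the FTD CLI with `show running-config access-group` and `show access-list CP-VPN-BLOCK`; a rising hitcnt on the deny entry is the evidence that the blocked source is being dropped, since these to-the-box drops do not show up as connection events in FMC.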
06-07-2021 05:01 AM
Just thought: why not create an access policy on the outside interface to block those IP addresses (which are known) connecting to the outside IP address?
06-07-2021 06:33 AM
Hi Rob,
This is exactly what I have been looking for.
Thank you.