1. Go to Firewall >> Defense Setup and enable DoS Defense.
2. Click White/ Black IP List Option. Input the unknown peer's IP and click Add to add the IP into Black IP List, and select log if you want to see from Syslog Explorer.
NOTE: For some models like Vigor2860, Vigor2925... the White/Black IP List is in Diagnostics >> DoS Flood Table.
1. To receive syslog alert about unknown IP request, go to System Maintenance >> Syslog / Mail Alert to set the Syslog Access.
2. Check the Firewall Syslog List on Draytek Syslog Utility. Network Administrator will receive an alert from the router when the IP in blacklist attempt to access.
Then go to Diagnostics >> Syslog Explorer from Router setup page, you will also see the IP is blocked.
1. Go to Objects Setting >> IP Object page and add the unknown IP as an IP Address.
2. Go to Objects Setting >> Time Object page and add a Time Object.
Note: Please enter the Start Time which is later but closed to the current time, and the End Time is a little earlier than the Start Time. For example, if the current time is 15:55 and we can enter the start time as 16:00:00, and the end time as 15:59:59. After the firewall rule effects, this Time Object can be removed.
3. Go to Firewall >> Filter Setup page, create an IP Filter Group then click Add to create an IP Filter Rule for blocking the unknown peer IP.
After that, we will see such kind of Firewall log instead of the VPN log:
<13>Dec 27 17:13:02 Vigor: [Clear Session] Delete conntrack by ip_filter_set_rule : unknown <135>Dec 27 17:13:07 Vigor: [IPF-unknown] BLOCK src ip 18.104.22.168 mac 00:1d:aa:xx:xx:xx dst ip 172.17.5.92 proto udp DPT=500, skbmark=10000002/0
Published On: Jul 08, 2019
Was this helpful?
Thank you for your feedback :)
Sorry about that. Contact Support if you need further assistance, or leave us some comments below to help us improve.