I have a Cisco ASA hardware firewall and I don't see how to block either a bunch of IP addresses (thousands) or deny access to a whole country. Is it possible? Adding one IP at a time is not an option. Thanks
I agree with Labnuke99 - try to limit who can access the service they're attacking. Also consider contacting your ISP to see if there's anything they can do (i.e. set up an ACL) to keep the traffic from ever getting to your network in the first place.
Too many iptable rules in your firewall can create memory & CPU overhead loads for each new connection and impact latency. I found TechGuard makes an in-line appliance (IPV4/IPV6 compatible) that works w/ other firewalls and routers that allows for blanket policies (like country blocking) but still granular control (i.e. allow specific IP addresses for a corporate office in China as an exception, or blocking specific IP addresses for countries you want open to your network).
Again, this would be for a company operating their own servers, in a network that can support an in-line appliance built to block IP addresses by country.
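An added example, not part of any reply above: one way to load thousands of addresses onto an ASA without typing them one at a time is to collapse the list into the fewest CIDR blocks and emit a single network object-group referenced by one ACL line, which also keeps the rule count down. The sample list is constructed, the group name `BLOCKLIST` and ACL name `OUTSIDE_IN` are hypothetical, and only IPv4 entries are handled.

```python
import ipaddress

# Constructed sample blocklist (documentation ranges), not taken from the thread.
SAMPLE = """\
203.0.113.0
203.0.113.1
203.0.113.2
203.0.113.3
198.51.100.0/25
198.51.100.128/25
192.0.2.77
# comment line
not-an-ip
"""

def parse_blocklist(text):
    """Return (networks, rejected_lines). Blank lines and # comments are skipped."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict parsing: "203.0.113.5/24" is rejected rather than silently
            # widened to the whole /24, so a typo never blocks more than intended.
            net = ipaddress.ip_network(line)
        except ValueError:
            rejected.append(raw)
            continue
        if net.version == 4:
            nets.append(net)
        else:
            rejected.append(raw)
    return nets, rejected

def collapse(nets):
    """Merge adjacent and overlapping networks into the minimal covering set."""
    return list(ipaddress.collapse_addresses(nets))

def asa_config(nets, group="BLOCKLIST", acl="OUTSIDE_IN"):
    """Render an ASA object-group plus one deny line (names are hypothetical)."""
    lines = [f"object-group network {group}"]
    for net in nets:
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    lines.append(f"access-list {acl} extended deny ip object-group {group} any")
    return lines

if __name__ == "__main__":
    parsed, bad = parse_blocklist(SAMPLE)
    print("\n".join(asa_config(collapse(parsed))))
    print(f"! rejected input lines: {bad}")
```

Review the rejected lines before pasting the output, and place the deny line above any permit entries in the ACL applied to the outside interface.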