Hi All,

I am seeing login attempts to our exchange every 15 mins for over a week now and would like to block this IP from connecting to any open ports on the WAN.

Using a 2960 I have setup an group and object in the filter as follows:

Action: Block
Input interface: All WANS
Output Interface: All LANS
Source IP Object: single address 72.43.34.178

I connected to our VPN from an external source and ran a ping to an internal server, also ran a ping from inside out, when I enabled the rule my VPN dropped. Is there something I'm missing? Do I need to add a rule after this one which allows all, if so how should I set this up (struggling to get to grips with this).

Many thanks

what does the syslog say - it will tell you if its blocking your VPN against the rule you have set up.
Something like this

[IPF-SBS-BlockSMTPIn] BLOCK src ip 195.54.232.2 mac 40:00:39:06:93:ec dst ip 192.168.0.4 proto tcp DPT=25

This is blocking everything in on port 25 except a certain range and 195.54.232.2 isn't in that range.

I have seen the option to send messages to a syslog server but we don't currently have one setup on site. Is there something free which you would recommend?

Many thanks

you can use the draytek one its called syslog or router tools

http://www.draytek.co.uk/support/downloads

scroll to the bottom.