I wonder if anyone knows the answer to this pls?

We have a number of 2862 outers which are also end points for VPN traffic, both 'dial in' and LAN to LAN. They are being repeatedly attacked by some hacker who tries to make a L2P VPN connections on every end point many times a minute - and fails. The attacks all come from the same IP and I want to block this from even hitting the VPN endpoint. But when I try to set an IP 'Block Immediately' filter nothing seems to happen. So does the firewall logically sit in front of or behind the VPN end point logic in the 2862.

Any ideas on how to block this would be much appreciated.

TiA

davidmatthewson wrote:
But when I try to set an IP 'Block Immediately' filter nothing seems to happen. So does the firewall logically sit in front of or behind the VPN end point logic in the 2862.

Any ideas on how to block this would be much appreciated.

Behind

Somewhere there is a Draytek support article detailing this scenario. It says to add the offending IP address to the "Black List" at Firewall >> Defense Setup

UPDATE: See: https://www.draytek.com/support/knowledge-base/5982

Excellent. Many thanks for this. I'll try it and revert with what happens.

Edited later:
Yes, this indeed seems to work. Of course,not along term solution as the scum will just come back with a different IP (range) but works well at present, so many thanks!