Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Blason_R
Leader
Leader
Jump to solution

Blocking IP addresses using fwaccel dos deny in bridge mode does not work

Hi Team,

I have deployed R81.10 in bridge mode and wanted to block certain IP addresses at sxl level using fwaccel dos deny. I guess it does not work in bridge mode?

It perfectly works in other way not sure if I am doing anything wrong or is this a limitation with bridge mode?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
1 Solution

Accepted Solutions
fabianm
Employee Employee
Employee

Hi team 

I tested the dos deny feature in Fws in bridge mode and it works properly but I must enabled this:

  • To enable enforcement for traffic received on internal interfaces:

    [Expert@HostName:0]# fwaccel dos config set --enable-internal

View solution in original post

0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee

Just to confirm, how is the topology defined, is the src behind an external interface or have you otherwise enabled internal-to-interal checking for fwaccel dos?

CCSM R77/R80/ELITE
0 Kudos
Blason_R
Leader
Leader

Hi,

Being a bridge interface it does not give a option to define topology

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Chris_Atkinson
Employee Employee
Employee

topology.png

CCSM R77/R80/ELITE
0 Kudos
fabianm
Employee Employee
Employee

Hi team 

I tested the dos deny feature in Fws in bridge mode and it works properly but I must enabled this:

  • To enable enforcement for traffic received on internal interfaces:

    [Expert@HostName:0]# fwaccel dos config set --enable-internal

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events