Why is traffic from China not being blocked?

  • Why is traffic from China not being blocked?

    I was looking around in the Threat Prevention logs and saw this:

    [Screenshot: china not blocked by firewall.png]

    If I'm reading that right, 'Firewall Blocked - false' means the firewall didn't catch this.

    But the Threat Prevention module did..... as it says 'true'. Here is the firewall rule:

    [Screenshot: china firewall rule.png]

    Am I misinterpreting the data or is my firewall rule misconfigured? I'm following this guide: https://support.untangle.com/hc/en-u...ecific-country

  • #2
    Threat Prevention got to it first. By the time the Firewall app saw the traffic, it had already been blocked, so there was no need for the Firewall app to take any action.

    App processing is more or less simultaneous, meaning that the session is fed to the UVM (the Untangle Virtual Machine, where the apps operate) and all the apps have at it at the same time. Since each app is looking for/at different qualities, there's no overlap. Sometimes a particular app acts on a session before another has the chance, in which case there's no reason for the 'slower' app to do anything.
    Græme Ravenscroft • Technical Marketing Engineer
    ('gram', like the unit of measurement)
    he/him
    How can we make Arista ETM products better?
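
A way to tell "pre-empted by Threat Prevention" apart from "geo rule not matching", as described in the reply above. This is an added example, not part of the thread and not Untangle code; the record layout and field names (`client_country`, `firewall_blocked`, `threat_prevention_blocked`) are assumptions modelled on the columns named in the first post, and the rows are constructed.

```python
from collections import Counter

# Constructed session rows (not real log data). Field names are assumptions.
SESSIONS = [
    # Threat Prevention acted first; Firewall had nothing left to do.
    {"client_country": "CN", "firewall_blocked": False, "threat_prevention_blocked": True},
    # Threat Prevention had no verdict; the Firewall geo rule blocked it.
    {"client_country": "CN", "firewall_blocked": True, "threat_prevention_blocked": False},
    # Neither app blocked: the only case that points at the rule itself.
    {"client_country": "CN", "firewall_blocked": False, "threat_prevention_blocked": False},
    # Country not covered by the rule; ignored by the audit.
    {"client_country": "US", "firewall_blocked": False, "threat_prevention_blocked": False},
]


def classify(session, blocked_countries):
    """Attribute the outcome of one session to the app that stopped it."""
    if session["client_country"] not in blocked_countries:
        return "out_of_scope"
    if session["firewall_blocked"]:
        return "blocked_by_firewall"
    if session["threat_prevention_blocked"]:
        # 'Firewall Blocked - false' here does not mean the rule failed.
        return "blocked_by_threat_prevention"
    return "not_blocked"


def audit(sessions, blocked_countries):
    """Count outcomes for sessions from the countries the rule should block."""
    return Counter(classify(s, blocked_countries) for s in sessions)


def rule_gaps(sessions, blocked_countries):
    """Sessions from a blocked country that no app stopped."""
    return [s for s in sessions if classify(s, blocked_countries) == "not_blocked"]


if __name__ == "__main__":
    for outcome, count in sorted(audit(SESSIONS, {"CN"}).items()):
        print(f"{outcome}: {count}")
    for gap in rule_gaps(SESSIONS, {"CN"}):
        print("review firewall rule for:", gap)
```

Only rows returned by `rule_gaps` are evidence that the geo rule needs checking; rows blocked by Threat Prevention with the firewall flag false are expected.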



    • #3
      Originally posted by road hazard
      I was looking around in the Threat Prevention logs and saw this:

      If I'm reading that right, 'Firewall Blocked - false' means the firewall didn't catch this.

      But the Threat Prevention module did..... as it says 'true'. Here is the firewall rule:

      Am I misinterpreting the data or is my firewall rule misconfigured? I'm following this guide: https://support.untangle.com/hc/en-u...ecific-country
      You might as well add Russia, North Korea and Iran. Combined, 51% of global cyber attacks originate there. Not foolproof, but at least better than nothing.



      • #4
        Originally posted by balrog
        You might as well add Russia, North Korea and Iran. Combined, 51% of global cyber attacks originate there. Not foolproof, but at least better than nothing.
        I've given up on GeoIP filtration; Threat Prevention does all this for me and it's a MUCH better solution to the problem.

        Though dang it can be a royal pain in the arse sometimes. Like when it decides to hate a Cloudflare proxy IP!
        Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
        NexgenAppliances.com
        Phone: 866-794-8879 x201
        Email: [email protected]
