5 Replies Latest reply on Jan 20, 2014 10:04 AM by foofightersecurity

    Blocking attacks based on number of attacks from a single source for 24 hrs instead of permanent RFSB

    foofightersecurity

      Hello,

      I am trying to find out how to setup blocking of an attack that triggers the block based on the number of hits from a particular IP. I would also like to block the attack for a period of time; say 24hrs and then unblock that IP after this predefined time period.

      Is this possible?

      I have read that RFSB can be enabled, but it looks permanent. Also does reset TCP work to block for a period of time or is that permanent as well. The configuration screen for this setting (edit of the attack name in the policy) does not seem to have any time length setting to this either.

       

      Thank you for any response in advance.