Add an Auto Defense Rule

Auto defense rules are used to prevent massive connection attempts or brute force attacks. This topic describes how to add an auto defense rule.

Procedure

  1. Log in to PBX web portal, go to Security > Security Rules > Auto Defense, click Add.
  2. In the Name field, enter a name to help you identify the rule.
  3. In the Defense Object section, configure relevant settings of the defense object.
    • Service/Port Range: Set whether the rule is applied to a specific service or a port range.
      • Service: Select a service from the drop-down list. The defense rule will be applied to the service and the service port.
        Note: The port follows the setting in Service Ports (System > Network).
      • Port Range: Set a port range.
    • Protocol: Choose a protocol to which the rule is applied.
      • UDP
      • TCP
      • BOTH: Both UDP and TCP.
    • Number of IP Packets: The number of IP packets permitted within a specific time period.
    • Time Interval (s): The time interval to receive IP Packets.

      For example, Number of IP Packets is 90 and Time Interval (s) is 60; The PBX will block the IP that sends more than 90 IP packets in 60 seconds.

  4. Click Save.

Result

When a source address sends packets over the limit within the specified time period, the followings can be achieved:
  • The PBX blocks the IP address. You can check the details in Blocked IPs.
  • If you have enabled notification for Auto Defense IP Blocked Out event, the PBX will give you a pop-up reminder on the web interface, and notify you via a specific method.