Hello,
I have setup deep inspection on a policy to scan for attacks. The Juniper SSG-140 detects the attacks, but **does not appear to block** further attacks from the source ip...
set policy id 15 attack "CRITICAL:DHCP:ANOM" action close-server ip-action "close" target "src-ip" timeout 60
Eventhough the attacks are detected, they keep flowing through to the web server I am trying to protect.
1) How do I make the SSG-140 block future attacks?
2) How do I get a list of blocked IP addresses due to a di attack?
Thanks!