I tried applying policy for blocking specific IPs, but so far no success.
Under security policies:
from-zone Untrust to-zone ArtDept policy blockIP match source-address
badIP1from-zone Untrust to-zone ArtDept policy blockIP match source-address
badIP2from-zone Untrust to-zone ArtDept policy blockIP match destination-address any
from-zone Untrust to-zone ArtDept policy blockIP match application any
from-zone Untrust to-zone ArtDept policy blockIP then reject
I populated global address book with the two IPs in focus, but when I checked my logs again, I see the same entries repeated:
SSHD_LOGIN_FAILED: Login failed for user 'bob' from host 'X.X.X.1'
SSHD_LOGIN_FAILED: Login failed for user 'pi' from host 'X.X.X.2'
What am I missing?