dkaleita Posted April 8, 2022

I recently replaced the router to which my Polisy is connected, and it came with a trial subscription to Netgear Armor network security software. Armor scanned every device on my network and found no security vulnerabilities on 41 out of 42 of them. The Polisy box, however, lit up the threats detected and blocked screen. Armor appears to dislike every WAN IP address that hits it - viewing them all as threats. Is this a problem? Do I need to unblock everything that comes in to Polisy? Or is Netgear Armor just fundamentally incompatible with Polisy? I'm at 38 Polisy threats detected and blocked and counting in just the last few hours.

MrBill Posted April 8, 2022

12 hours ago, dkaleita said:
I recently replaced the router to which my Polisy is connected, and it came with a trial subscription to Netgear Armor network security software. Armor scanned every device on my network and found no security vulnerabilities on 41 out of 42 of them. The Polisy box, however, lit up the threats detected and blocked screen. Armor appears to dislike every WAN IP address that hits it - viewing them all as threats. Is this a problem? Do I need to unblock everything that comes in to Polisy? Or is Netgear Armor just fundamentally incompatible with Polisy? I'm at 38 Polisy threats detected and blocked and counting in just the last few hours.

Can you post some detail about the threats? Is there a log or block screen that tells us what it's blocking?

What does "Armor appears to dislike every WAN IP address that hits it - viewing them all as threats." mean? What WAN IP addresses are you referring to?

Geddy Posted April 8, 2022

13 hours ago, dkaleita said:
The Polisy box, however, lit up the threats detected and blocked screen.

Sounds like you need to find a way to put the Polisy in a trusted device state and give it full access to the LAN/WAN. I suggest you contact Netgear support for assistance with their product:

https://kb.netgear.com/000060585/How-do-I-create-a-NETGEAR-support-case?language=en_US

Otherwise I would think it's just an annoying firewall running on the router. Perhaps using some steps from the wiki would help open up access and make it a trusted device.

https://wiki.universal-devices.com/index.php?title=Configure_Firewall_Software

Thanks for letting me know that I shouldn't buy a Netgear router anytime soon. I dislike these kinds of bloatware on home-grade routers.

dkaleita (Author) Posted April 8, 2022

3 hours ago, MrBill said:
Can you post some detail about the threats? Is there a log or block screen that tells us what it's blocking? What does "Armor appears to dislike every WAN IP address that hits it - viewing them all as threats." mean? What WAN IP addresses are you referring to?

With the [optional] NETGEAR Armor software enabled, every couple hours I get a pop-up notification on my phone from my ORBI router that says:

"NETGEAR Armor has detected and blocked an exploit attack on polisy from [address]"

A partial list of addresses blocked so far includes 94.233.197.55, 180.253.157.191, 202.125.142.18, 212.42.122.66, 42.118.24.151, 92.252.243.80, 36.80.132.110, 42.112.106.222, 81.91.139.130, 82.209.249.73, 49.231.222.2.

I've gotten 42 of these notifications in the last 6 days.

Edited April 8, 2022 by dkaleita

MrBill Posted April 8, 2022

32 minutes ago, dkaleita said:
36.80.132.110, 42.112.106.222

Indonesia

32 minutes ago, dkaleita said:
81.91.139.130

Viet Nam

35 minutes ago, dkaleita said:
82.209.249.73

Belarus

35 minutes ago, dkaleita said:
49.231.222.2

Bangkok

----

Don't unblock them! Do you use port forwarding? I'm not sure why these would be reaching Polisy...

jfai Posted April 8, 2022

Remove all port-forwarding rules from the router. Incoming WAN IP traffic should not reach your Polisy.

dkaleita (Author) Posted April 8, 2022

I just removed all port forwarding settings from the router per suggestion. I will monitor and report back if I get any additional attack notifications.