Hi,
I'm configuring a 2920n.
I need to lock down 2 ports so only 4 particular public IPs have access.
I have created the Open Port:
Interface: WAN1
Local Computer: internal ip
TCP Port X
UDP Port Y
I have created an IP Object for each IP address as follows:
Name: port XY access
Interface: Any
Address Type: Single Address
Start IP: Public IP #1
Invert Selection: ticked
Now I put the 4 IP Objects into an Object group with the settings:
Name: Port XY Object Group
Interface: Any
Add the 4 objects into the group
So then I go off and create the Firewall Filter Set.
Open up Default Data Set 2 and set rule 2 as follows:
Enable Filter Rule ticked
Name: Allow XY Acc
Direction: WAN -> LAN/RT/VPN
Source IP: Port XY Group
Destination IP: internal server IP
Service Type: TCP/UDP, port from any, to port XY
Filter: Block Immediately
Now, because I selected Invert Selection on each of the public IPs when I set up the IP Objects, that should now block all traffic on ports XY apart from those 4 public IPs.
However, it doesn't; I can still telnet to those ports from IPs I shouldn't be able to.
I have tried not inverting them.
I have tried not using groups and adding in each IP as a separate rule in the filter group.
I have tried not inverting them and choosing Allow immediately.
Can anybody suggest what's not working and why the port is still wide open to the google waves?
TIA