1. Yes, it is a SSG5 and / or a SSG 140. Sorry...I missed to mention that.
2. No, the packet is not blocked. This is why I receive the messages, that a packet has been rejected, because no corrensponding VPN gateway is configured. But these messages are flooding the logs. So want to block packets coming from that source to my juniper device, so these packets don't get "parsed" (for VPN configs) and rejected later.
I think, this should be a basic function for a firewall to block some traffic, coming in on an interface. But this seems to - somehow - be the problem here, as these packets already arive on the "external" zone.
My thinking would be, that, if my "external" interface would be in another zone, for example "EXTERNAL", I could generate an inter-zone policy rule that would block this.
Any further advice?
Regards,