@ruggerio we are trying to protect the internal services ( mail server,.......) IDS is already activated on the WAN side.
@Davesworld Well explained thank you so much,We are using IDS however sometime we can't block the whole country. in this case we want to block those IP who are trying to access the mail server or other services behind the firewall which we have their Port NAT on the fierwall @ruggerio we are trying to protect the internal services ( mail server,.......) IDS is already activated on the WAN side.