Staff 10018 Posted ... @lostagain Hello! Trivially because when your system is in the virtual network, it is also in the real network provided by your ISP. You will not receive unsolicited packets from the VPN if you don't forward ports remotely, but you can still receive them from your ISP network. Network Lock will block those incoming packets but that will not prevent a DDoS of course . A better solution is that you do not forward packets from your router to your systems when your systems are in the VPN. Also remember that if you forward remotely ports, you will be protected by the global anti-DDoS system on the server datacenter, and you will not have specific traffic inspection for your forwarded packets to filter them against attacks. We do not inspect our customer packets by policy and our network remains agnostic. Kind regards Quote Share this post Link to post