M400 - bruteforce attack, FWDeny every 20 secs
Unfortunately we had a breach and one of our servers started to do a brute-force attack on port 22.
In the logs I can see around 100 requests/second, but the WG (M400 model) denies only every 20 seconds.
It looks like this: in the logs I can see a FWDeny, ddos client quota, and this information replicates every 20 seconds. Why? I don't have any 'auto-recovery' etc. Shouldn't it just block all of the requests, if that is not normal traffic (100/second)?
What am I missing?