IP blocking based on failed authentication attempts
Recently a customer reported to me that on his domain controller he had received hundreds of authentication attempts and that the source IP was that of the Firewall.
Upon investigation, I detected that the attempts were coming from the SSL VPN gateway that WatchGuard enables when configuring this VPN.
Seeing the above, I wonder if it will be possible to block Source IP addresses based on failed authentication attempts in the WatchGuard VPN Portal? For example, after 3 failed attempts, the Firewall will automatically block the Source IP address.