IP blocking based on failed authentication attempts

Recently a customer reported to me that on his domain controller he had received hundreds of authentication attempts and that the source IP was that of the Firewall.

Upon investigation, I detected that the attempts were coming from the SSL VPN gateway that WatchGuard enables when configuring this VPN.

Seeing the above, I wonder if it will be possible to block Source IP addresses based on failed authentication attempts in the WatchGuard VPN Portal? For example, after 3 failed attempts, the Firewall will automatically block the Source IP address.


Sign In to comment.