Yeah, thinking about it the timeout increase isn't going to be helpful. I was thinking in terms of catching slower brute force attempts, but the way I'm doing it wouldn't actually work.

I may set up port knocking if it becomes an issue, right now I just dropped it down to 5 attempts with gradually increasing timeouts. Looking at the logs, the bulk of the attempts I see are separated by only 2 seconds, but I've got it set now at 2 min, 3 min, 5 min, 10 min, 20 min, 10d for the timeo...

The add-to-[xxx]-address-list actions do not stop traffic from being analyzed by the next rule when a packet matches. So you need to reverse the order or the rules for this to work. So this is a logical issue rather then a software (or firmware) issue. Ah, OK, so I'm adding the address to the list,...

I'm trying to put into place blocking of brute force RDP attempts, but it seems like the src-address-list value is being ignored - every connecting IP is added to every address list immediately, including the blacklist. The timeouts are low because I've been experimenting trying to see if it was a p...

I had something similar, but after I went through and revoked all the client certificates and the server certificate, then removed the CA, my list of certificates was empty. I wasn't watching each stage, so I'm not sure if it was removing the CA or removing the server cert that did the trick.