Forum Discussion

ter9's avatar
ter9
Icon for Altostratus rankAltostratus
Mar 15, 2024

Slowdown of login attempts on APM SSLVPN

Hello experts,

I have a question about slowing down failed logins from automated sources

Version: 16.1.4.1.0.50
Using APM for SSLVPN and LTM

Problem:
We have lots of attempts to "door knock" the VPN by trying random usernames - "admin" "chris", etc. So far we have blocked by country, but as it is only a blacklist we need to constantly update it and it's not a sustainable or clever solution.

I know there are options for login slowdown on other WAF solutions and would like to see if what the options are on F5. By that I mean if a source IP address tries, say 3 times to login and fails every time then they have to wait 30 seconds, then if they try another 3 times they have to wait twice as long, 60 seconds. In this way we can slow down the login attempts as they mostly come repeatedly from the same IP addresses.

At the moment we don't use ASM/AWAF, although I think it is an option according to the licence information:

Best Bundle, VE-200M(Perpetual) 
...
ASM, VE
...

Is there an APM feature to acheive this? That would obviously be the easiest.

If ASM is needed, what is the simplest ASM option?

Many thanks,
Peter