20-Mar-2019 13:12
We have brute force enabled for exchange login url and few users who has multiple mail accounts configured in single device are getting blocked with "Brute Force: Maximum login attempts are exceeded ". As per my understanding ASM Brute force is only looking for failed login attempts against the configured URL. But user account is valid and using right credentials. How F5 is tracking it as failed logins?
BF settings
Detection Period 60 Minutes Maximum Prevention Duration 60 Minutes Username Trigger: After 10 failed login attempts Action: Alarm and Captcha
User who have 3 mail boxes configured in a single device is having trouble since the connection initiating from a single IP address.
Any thoughts ?