I'm currently faced with an issue where an administrative user is being locked out because multiple attempts are failing.
These attempts and connections, are routed through an F5 virtual server, which has Automap enabled, so the requests appear to be coming from the F5 itself.
Is it possible, somehow, to intercept the username of this request and the client IP, in order to ascertain where the lockout attempts are coming from?
Thanks a lot in advance
If you can stop the SNAT Auto Map and configure your network and routing to return LDAP replies back to the F5 device ?
You can also review this post: