Quarantine users with multiple failed logins

12.1 and later In the multiple failed login quarantine method, users are allowed five failed login attempts before they are locked out of the system and quarantined for 30 minutes. Use the Multiple Failed Login Quarantine[template] to create this policy.

The Multiple Failed Login Quarantine policy contains the following rules:

Identify Multiple Failed Login
This rule identifies the users to quarantine due to multiple login failures.
Quarantine previously failed login connections
This rule uses the S-GATE SESSOIN TERMINATE action to enforce the quarantine policy and end the login session. Multiple failed logins are violation of the Payment Card Industry (PCI) data security compliance.
Tip: Ensure to populate production server group members for this policy to work as expected.