Quarantine users with multiple failed logins
12.1 and later In the multiple failed login quarantine method, users are allowed five failed login attempts
before they are locked out of the system and quarantined for 30 minutes. Use the Multiple
Failed Login Quarantine[template]
to create this policy.
The Multiple Failed Login Quarantine
policy contains the following rules:
- Identify Multiple Failed Login
- This rule identifies the users to quarantine due to multiple login failures.
- Quarantine previously failed login connections
- This rule uses the S-GATE SESSOIN TERMINATE action to enforce the quarantine policy and end the login session. Multiple failed logins are violation of the Payment Card Industry (PCI) data security compliance.
Tip: Ensure to populate production server group members for this policy to work as
expected.