Conn limit

[ragu2k8]

"20 authentication failures from all sources in 5 minutes
5 authentication failures per source IP in 5 minutes"

When this event occurs, how long will the system block or protect itself from the affected source IPs? Is there a defined time limit or boundary for this protection?

[alei121]

The 20 auth failures for all had been removed due to revised security policy.
As for 5 auth failures, it blocks access when 5 failures occur within the last 5 minutes. It doesn't block for a specific time. In other words, whenever there is an auth, it checks if 5 failures occurs within the last 5 minutes first before proceeding.