I enabled "FTP Brute Force Attempt" (ID 40001) vulnerability protection, but my FTP server logs are still filling up with unsuccessful brute force login attempts. I've tried "drop", "drop-all-packets", and "reset-both" but it doesn't seem to make any difference. For example, last night's ftp server log shows 810 unsuccessful login attempts within a time period of 10 minutes, but the PA only shows 7 brute force attempts (action = reset-both) in that same time frame. Shouldn't it block the vast majority of brute force logon attempts?
... View more