Version Affected: 20.06 onwards
Newer versions of SecureAuth come with Dynamic IP blocking. This can be enabled in a New Experience policy or manually with a Web Config edit on classic realms.
Activating Dynamic IP blocking is easier in the New Experience as you simply add it to a Policy.
It is achievable in Classic with the following steps.
- In the New Experience, click on IP filtering to set the length of time and the number of failed login parameters. These settings are global and apply to any realm that has Dynamic IP blocking enabled
- For new experience realms, you simply add Dynamic IP to the Policy
- For a Classic realms, decrypt the web.config
- Add the following key in the AppSettings section
<add key="IPBlockingServiceEnabled" value="True" />
5. Now search for State1 within the web.config to get to the Adaptive Auth settings
Replace the current settings as follows
<analyzeEngine enabled="true" beginState="State1">
<state name="State1" type="SecureAuth.AnalyzeEngine.State.AdaptiveIpBlockState"
category="PostAuthenticationState" requireUserId="false" enabled="true">
<constraint name="C1" key="adaptiveipblock" action="in">
<transition on="true" to="HardStop" />
<transition on="false" to="next" />
<transition on="unavailable" to="next" />
<transition on="ipv6" to="HardStop" />
6. Finally, in the WSTrust Blocking section of the Post Auth tab, select the Checkbox for "Use Adaptive Authentication for initial IP Blocking"
7. Click Save
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.