Once I had broken it into 2 rules and started testing, I realised that there were other rules (5503, 5720, 2501, 25020) which kick in on multiple authentication failures. So I lowered the level of rules 1002 and 5716, and am using the default rules listed above.
Thanks for your help On 23 Sep, 11:58, Doug Burks <[email protected]> wrote: > Have you considered breaking it into two rules like this?
