This article clarifies how the Brute-Force Protection feature blocks users. It explains whether the initial block for a single user account requires failed login attempts to originate from the same IP address when the Account Lockout setting is enabled.

• Brute-Force Protection

The behavior of the user block depends on where the failed login attempts originate.

• According to the Brute-Force Protection documentation, an initial user block occurs only when failed login attempts against a single user account originate from a single IP address and meet the configured threshold.

• The system does not aggregate failed login attempts from different IP addresses for the same user account.

• After an initial block is triggered, the Account Lockout feature prevents the user from logging in from any IP address.