IP-based access controls for L2TP and PPTP to limit unwanted login attempts
Today, it is quite possible to brute-force attack L2TP and PPTP as there is no way to drop incoming requests based on IP, geo or any other variable.
I would like the ability to assign a network rule (or equivalent) that drops requests for such features before entering the firewall, before reaching authentication, much like ACL exceptions for device access do.
This is not possible today, and we have to contend with miles of logs with login requests and tries from far away, just probing for passwords.