Hi,

We are currently using Sophos UTM 9 as our front-end firewall, using WAF, IPS and NAT functionality, but after a recent pen test we were pulled up on lacking single-IP brute-force protection, and after talking with Sophos we found out that they are not willing at this time to add a rule to block an IP for a period of time if the request rate goes above a set threshold in a set time period.

So what I would like to know is what other people are using in AWS for the same/similar functionality, so I can get some more options.

What I am currently looking at is:

1. Leave Sophos UTM in place and put the AWS ALB & WAF in front and have 1 rule to handle the IP blocking.
2. Remove Sophos and just use AWS ALB/ELB and WAF, though this will remove the IPS protection on the NAT routes and require constant updating of the WAF rules to stay current (possibly negated a bit by paying for a managed rule set).
3. Replace Sophos UTM with another marketplace company's firewall that has the IPS/WAF and NAT functionality we need and is not a nightmare to actually configure (web configuration interface preferred).

Thanks in advance.