fail2ban is great, but only works on the local host.
The post says: "Right now our perimeter firewall is blind to whether a brief SSH connection was successful or not"
(I suspect there's a way to set up centralised logging and fail2ban running looking at those centralised logs and sending updates to a perimeter firewall, but that's not a typical deployment of fail2ban. Or at least it wasn't when I was heavily using it a while back.)
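An added sketch of the centralised approach the comment speculates about; it is not part of the comment and not fail2ban's own code. It counts failed SSH logins per source IP across every host in an aggregated syslog stream, so a source that fails once on each of several hosts is still flagged. The log layout, the sample lines and the `year` default are constructed assumptions, `maxretry` and `findtime` only borrow fail2ban's option names, and pushing the result to a perimeter firewall is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: sshd lines as a central syslog collector might store them
# (timestamp, originating host, program[pid]: message). Not real log data.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:04 db1 sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:00:09 web2 sshd[233]: Failed password for root from 203.0.113.7 port 40141 ssh2
Mar  3 10:00:15 web1 sshd[815]: Accepted publickey for deploy from 198.51.100.20 port 51514 ssh2
Mar  3 10:02:00 web1 sshd[820]: Failed password for alice from 198.51.100.20 port 51600 ssh2
Mar  3 10:30:00 db1 sshd[430]: Failed password for alice from 198.51.100.20 port 51700 ssh2
Mar  3 10:59:00 web2 sshd[250]: Failed password for alice from 198.51.100.20 port 51800 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def ips_to_block(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2024):
    """Return {ip: sorted hosts targeted} for sources with >= maxretry failures
    inside a findtime window, counted across all hosts rather than per host.
    `year` is an assumption: classic syslog timestamps do not carry one."""
    recent = defaultdict(deque)   # ip -> (timestamp, host) entries still in the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append((ts, m["host"]))
        while ts - window[0][0] > findtime:
            window.popleft()      # drop failures older than findtime
        if len(window) >= maxretry:
            flagged.setdefault(m["ip"], set()).update(h for _, h in window)
    return {ip: sorted(hosts) for ip, hosts in flagged.items()}

if __name__ == "__main__":
    for ip, hosts in ips_to_block(SAMPLE_LOG).items():
        print(f"block {ip}  # failures seen on {', '.join(hosts)}")
```

In the sample, each host records only one failure from 203.0.113.7, so a per-host count with the same threshold would not trigger; the three slow failures from 198.51.100.20 fall outside the window and are not flagged.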