I have a WP site in a corporate DMZ that is protected by a proxy and ISA server. The server has seen its fair share of brute force attacks on SSH access, but "fail2ban" puts a stop to those.
In my environment, though, I can't use WP-fail2ban, as the server logs all web traffic - legitimate and malicious - as coming from the same IP address, that of the ISA server.
So, if someone caused fail2ban to trigger a block, then that block would also stop legitimate user traffic.
I've already implemented various security tricks and a couple other security plugins, so I'm have to rely on those.
Other corporate admins take note.