Make sure that you are running the latest version of Advanced Security.
A display bug has been fixed since version 3.6.

Seeing 127.0.0.1 addresses is normal: when connecting using HTML5, a local session is created with the IP address 127.0.0.1, and the graphical display of that session is then forwarded to a web browser using HTML5.

We had to develop a specific component to be able to capture the remote IP address of the client browser.

This is available with the latest release of Advanced Security, after restarting the TSplus web services or rebooting your server.
To make sure it is in place, open the settings.bin file located at `C:\Program Files (x86)\TSplus\Clients\webservers\settings.bin`
and check that the line `log_rdp_ip="1mb"` is present.

This only affects logins through the web interface; brute-force robots were already being blocked, since they all use standard RDP for their attacks.

Please also keep in mind that Advanced Security works with Windows Firewall, so if a third-party firewall is already in place, it will most likely conflict with Advanced Security and prevent it from applying its rules.
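
Both points above, the `log_rdp_ip` line and the dependency on Windows Firewall, can be checked from an elevated PowerShell prompt. This is an added example, not TSplus tooling. It uses only the path and setting shown on this page, and assumes settings.bin is a plain-text file, as the editing instruction implies. The function names are made up for the illustration.

```powershell
# Added example. Path and setting line are taken from this page;
# settings.bin is assumed to be plain text.
$settingsPath = 'C:\Program Files (x86)\TSplus\Clients\webservers\settings.bin'
$expectedLine = 'log_rdp_ip="1mb"'

function Test-RemoteIpLogging {
    param([string]$Path, [string]$Expected)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not found: $Path"
        return $false
    }
    # Show every line that sets log_rdp_ip, whatever its value
    $hits = Select-String -LiteralPath $Path -Pattern '^\s*log_rdp_ip\s*='
    if (-not $hits) {
        Write-Warning "log_rdp_ip is not set in $Path"
        return $false
    }
    foreach ($h in $hits) {
        Write-Host ("line {0}: {1}" -f $h.LineNumber, $h.Line.Trim())
    }
    # True only if one of them is exactly the line given on this page
    return [bool]($hits | Where-Object { $_.Line.Trim() -eq $Expected })
}

function Test-WindowsFirewallActive {
    # MpsSvc is the Windows Firewall service
    $svc = Get-Service -Name MpsSvc -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        Write-Warning 'Windows Firewall service (MpsSvc) is not running'
        return $false
    }
    # Rules are not enforced in a profile that is switched off
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
    foreach ($p in $off) {
        Write-Warning ("Firewall profile disabled: {0}" -f $p.Name)
    }
    return (-not $off)
}

$ipLogging = Test-RemoteIpLogging -Path $settingsPath -Expected $expectedLine
$firewall  = Test-WindowsFirewallActive
Write-Host "Remote IP logging line present: $ipLogging"
Write-Host "Windows Firewall active on all profiles: $firewall"
```

If the first check fails after an upgrade, restart the TSplus web services or reboot the server as described above, then run the script again.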