I believe restore_console_access is only for the local console. Use 'cf policy q | less' hit / to search and then type Admin Console and hit enter. Find the Admin Console rule and make sure the parameters are all correct, that is the source and dest zones are the same and look at the authenticator too.
Also try 'cf auth h' and find the lockout command to see if the user is locked out. It will reset the lockout for a user if you login on the CONSOLE with that user, but not for SSH (that is, if you're locked out you should not be able to login via SSH either).
Make sure you are NOT typing the password into the Password drop down field and that you are hitting enter at the username prompt and typing the pw into the correct field.
Thank you for the assistance, the issue was resolved. Used the 'cf auth list user=username', and seen that the lockout value did not reset automatically as it should when you login to the CONSOLE. So I had to use the 'cf auth flush user=username' command to clear the lockout value manually. Once that was done I was able to login to the Admin Console.
I believe there's a reset_lockout value there also. Is that set to no? That would explain it.
There is no reset_lockout value when utilizing the 'Password' authenticator option. For one reason or the other, the lockout attempt value just did not clear when logging into the firewall through the local console.