At the moment if a malicious user detection blocks a client not on layer 3 ip address but using user identification policies on something else like TLS fingerprint + header or Cookie this data is not shared between the RE so if an attacker goes to another RE by changing their Layer 3 ip address to another that is in another country they will bypass that they are already blocked by the Malicious User Detection feature.