Now I got you wrong, sorry.
The "Trusted Hosts" are trusted because you declare them to be. It's a whitelist of IP addresses for admin access.
If you want to further protect the admin access (without TH) then you may add an IPS rate filter to a local-in policy. Rate filters looks for certain events (traffic patterns) which are detected by an IPS signature, count and time them and trigger an action if the event occurs more often per time unit than specified. The client IP address is then either blocked permanently or suspended for some time period.
The goal is to prevent brute forcing a password protected access.
In the past, I've posted such an IPS rate filter here, searching should find it. In v5.2, IPS rate filters can be created in the GUI. The difficult part probably is how to detect an invalid login attempt, by scanning either client traffic or the server's response messages.
"Kernel panic: Aiee, killing interrupt handler!"