Wednesday, December 26, 2012

Administrator account lockout settings FortiGate 300C firewall

By default, after three failed attempts to log on to an administrator account, the account
is locked out for one hour. The lockout applies only to the IP address from which the
failed attempts were made. The login name is logged. You can change the number of
logon attempts permitted and the length of the lockout using the following CLI
commands:

config system global
set admin-lockout-threshold <tries>
set admin-lockout-duration <seconds>
end

where <tries> is the permitted number of attempts, range 1 to 10 (default 3) and
<seconds> is the lockout duration in seconds, range 1 to 4,294,967,295 (default 60).

The Security Administrator can clear a lockout with the following CLI command:
execute clear system login-lockout <index>
Use a ? as the index to see the list of locked-out accounts.



User account lockout settings
Optionally, you can lock out a user’s account for a period of time after a number of
unsuccessful attempts to authenticate. You can configure this in the CLI using the
following commands:

config system global
set auth-lockout-threshold <tries>
set auth-lockout-duration <seconds>
end

where <tries> is the permitted number of attempts, range 1 to 10 (default 3) and
<seconds> is the lockout duration in seconds, range 1 to 4,294,967,295, or 0 to disable
lockout. The default is 0.
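
The following Python script is an added example, not part of the original post or of Fortinet's tooling. It checks the config system global block of a saved configuration against the ranges and defaults listed above for both the administrator and the user lockout settings. The sample configuration is constructed, the function names are hypothetical, and a setting absent from the file is assumed to be at its listed default.

```python
import re

# (min, max, default) per setting, as listed in the parameter descriptions above.
LOCKOUT_SETTINGS = {
    "admin-lockout-threshold": (1, 10, 3),
    "admin-lockout-duration": (1, 4294967295, 60),
    "auth-lockout-threshold": (1, 10, 3),
    "auth-lockout-duration": (0, 4294967295, 0),  # 0 disables user lockout
}

# Constructed sample (threshold 12 is deliberately out of range), not from a real device.
SAMPLE_CONFIG = """\
config system global
    set admin-lockout-threshold 12
    set admin-lockout-duration 900
    set auth-lockout-threshold 5
end
"""

def global_settings(config_text):
    """Collect 'set <key> <value>' lines inside 'config system global' only."""
    settings, in_global = {}, False
    for line in config_text.splitlines():
        line = line.strip()
        if line == "config system global":
            in_global = True
        elif in_global and line == "end":
            break
        elif in_global and (m := re.match(r"set (\S+) (\S+)$", line)):
            settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit_lockout(config_text):
    """Return (key, effective value, finding) for each lockout setting."""
    found, report = global_settings(config_text), []
    for key, (low, high, default) in LOCKOUT_SETTINGS.items():
        raw = found.get(key)
        if raw is None:
            value, finding = default, "not set, default applies"
        elif not raw.isdigit() or not low <= int(raw) <= high:
            value, finding = raw, f"outside range {low}-{high}"
        else:
            value, finding = int(raw), "ok"
        if key == "auth-lockout-duration" and value == 0:
            finding += "; user lockout disabled"
        report.append((key, value, finding))
    return report

if __name__ == "__main__":
    print(*audit_lockout(SAMPLE_CONFIG), sep="\n")
```

On the sample, the missing auth-lockout-duration line is reported as the default of 0, which means the auth-lockout-threshold of 5 has no effect until a duration is set.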
