Configure Firebox Account Lockout Settings

To prevent brute force attempts to guess your user account passwords, you can enable Account Lockout. Account Lockout settings apply to all user accounts that are configured for Firebox (Firebox-DB) authentication. You separately configure Account Lockout settings for Firebox user accounts and Device Management user accounts.

Account Lockout is supported in Fireware v11.12.2 and higher.

When Account Lockout is enabled, the Firebox temporarily locks a user account after a specified number of consecutive, unsuccessful login attempts, and permanently locks a user account after a specified number of temporary account lockouts. A permanently locked user account can be unlocked only by a user with Device Administrator credentials. For both temporary and permanent account lockouts, account lockout status is not affected when a Firebox is rebooted.

The Firebox does not clear the count of unsuccessful login attempts unless the user successfully logs in or the account is locked. The count of unsuccessful login attempts is not cleared when the Firebox is rebooted.
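
The lockout behavior described above, modeled as a small state machine. This is an added Python example, not WatchGuard code. The setting names, the lockout duration, the reading that the lockout following the last allowed temporary lockout is the permanent one, and the reset of all counters on an administrator unlock are assumptions and are not taken from Fireware.

```python
import json
from dataclasses import dataclass, asdict

@dataclass
class Policy:                 # hypothetical names, not Fireware setting names
    max_failures: int = 3     # consecutive failures before a temporary lock
    lock_seconds: int = 180   # assumed duration of a temporary lock
    max_temp_locks: int = 2   # temporary locks allowed before a permanent lock

@dataclass
class Account:
    failures: int = 0
    temp_locks: int = 0
    locked_until: float = 0.0
    permanent: bool = False

def attempt(acct, policy, ok, now):
    """Process one login attempt at time `now` and return the outcome."""
    if acct.permanent:
        return "permanently_locked"
    if now < acct.locked_until:
        return "temporarily_locked"   # rejected even with the right password
    if ok:
        acct.failures = 0             # a successful login clears the count
        return "success"
    acct.failures += 1
    if acct.failures < policy.max_failures:
        return "failed"
    acct.failures = 0                 # locking the account also clears the count
    if acct.temp_locks >= policy.max_temp_locks:
        acct.permanent = True         # only an administrator can unlock now
        return "permanently_locked"
    acct.temp_locks += 1
    acct.locked_until = now + policy.lock_seconds
    return "temporarily_locked"

def admin_unlock(acct):
    """Device Administrator unlock; assumed to reset all lockout state."""
    acct.failures, acct.temp_locks, acct.locked_until, acct.permanent = 0, 0, 0.0, False

def reboot(acct):
    """Lockout state and failure count survive a reboot (persisted round trip)."""
    return Account(**json.loads(json.dumps(asdict(acct))))

def guesses_until_permanent(policy):
    """Upper bound on failed guesses one account absorbs before a permanent lock."""
    acct, now, n = Account(), 0.0, 0
    while not acct.permanent:
        now = max(now, acct.locked_until)   # skip past each temporary lock window
        attempt(acct, policy, ok=False, now=now)
        n += 1
    return n
```

Under these assumptions, the number of password guesses a single account can absorb before an administrator must intervene is `max_failures * (max_temp_locks + 1)`, which is the figure to weigh against your password policy when you choose the thresholds.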

Configure Account Lockout Settings

You can also configure Account Lockout settings for Device Management user accounts. For more information, go to:

Account Lockout Behavior

When a user tries to authenticate with a locked user account, a message on the Authentication Portal page shows whether the user account is temporarily or permanently locked out.

Screen shot of the authentication portal page with a lockout message

If a user tries to authenticate from a Mobile VPN client with a locked user account, authentication fails, but there is no message to the user that the user account is locked.

Unlock a Locked User Account

Before you can unlock a locked user account, you must log in to the Firebox as a user with Device Administrator credentials.

To unlock a locked Firebox user account, from Fireware Web UI:

  1. Select Authentication > Servers.
    The Authentication Servers page appears.
  2. From the Authentication Servers list, select Firebox.
    The Firebox settings page appears, with the Users and Groups tab selected. In the Firebox Users section, the Lockout Status column shows whether a user account is locked.

Screenshot of the Firebox Users list with a locked account

  3. Select the check box for one or more locked user accounts.
  4. Click Unlock.
    A confirmation message appears.
  5. Click Yes.

You can also unlock a user account from the Authentication List tab in Firebox System Manager. For more information, go to See Authenticated Users in Firebox System Manager.

Related Topics

Configure Your Firebox as an Authentication Server