CAUTION: If the administrator and a user are logging into the firewall using the same
source IP address, the administrator is also locked out of the firewall. The lockout is
based on the source IP address of the user or administrator.
a. Select Enable local admin/user account lockout (uncheck for login IP address lockout).
This option locks out user accounts and IP addresses when they have surpassed a specified
number of incorrect login attempts. This option is only available when admin/user lockout is
enabled.
b. Select Log event only without lockout for SonicOS to log failed user login attempts that
have reached the established threshold without locking out the user or IP address. This
option is only available when Admin/user lockout is enabled.
After a user or IP address is locked out, a “User login denied - User is locked out” message
displays on the login screen and the login is rejected.
NOTE: You can review and edit all locked out user accounts on the Active Users page
when local admin/user account lockout is enabled.
c. Enter the number of failed attempts within a specified time frame before the user is locked out
in the Failed login attempts per minute before lockout field. The default number
is 5, the minimum is 1, and the maximum is 99. Enter the maximum time in which failed
attempts can be made. The default is 5 minutes, the minimum is 1 minute, and the maximum
is 240 minutes (4 hours).
d. Enter the length of time that must elapse before the user is allowed to attempt to log into the
firewall again in the Lockout Period (mins) field. The default is 5 minutes, the minimum is
0 (permanent lockout), and the maximum is 60 minutes.
3. Enter the number of incorrect login attempts from the command line interface (CLI) that triggers a
lockout in the Max login attempts through CLI field. The default is 5, the minimum is 3, and the
maximum is 15.
4. Click Accept.
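The interaction between these settings can be checked before applying them. The following is an added example, not SonicOS code: a simplified Python model of the options in steps a through d, using the ranges and defaults given above. The class and method names are hypothetical, and it assumes lockout triggers when the failure count reaches the configured number.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    """Simplified model of the lockout options above (an assumption, not SonicOS code)."""
    max_failures: int = 5      # failed attempts before lockout (1-99)
    window_min: int = 5        # time frame for counting failures (1-240 minutes)
    lockout_min: int = 5       # lockout period in minutes; 0 = permanent (0-60)
    per_account: bool = False  # False = lock out by login source IP address
    log_only: bool = False     # log the event without locking out
    failures: dict = field(default_factory=dict)  # key -> failure times (minutes)
    locked: dict = field(default_factory=dict)    # key -> lockout start (minutes)
    log: list = field(default_factory=list)

    def __post_init__(self):
        if not 1 <= self.max_failures <= 99:
            raise ValueError("failed attempts must be 1-99")
        if not 1 <= self.window_min <= 240:
            raise ValueError("time frame must be 1-240 minutes")
        if not 0 <= self.lockout_min <= 60:
            raise ValueError("lockout period must be 0-60 minutes")

    def _key(self, user, src_ip):
        return user if self.per_account else src_ip

    def is_locked(self, user, src_ip, now):
        key = self._key(user, src_ip)
        start = self.locked.get(key)
        if start is None:
            return False
        if self.lockout_min == 0 or now < start + self.lockout_min:
            return True
        del self.locked[key]   # lockout period has elapsed
        return False

    def attempt(self, user, src_ip, now, password_ok):
        """Return True if a login at minute `now` is accepted."""
        if self.is_locked(user, src_ip, now):
            return False       # "User login denied - User is locked out"
        if password_ok:
            return True
        key = self._key(user, src_ip)
        recent = [t for t in self.failures.get(key, []) if now - t < self.window_min]
        self.failures[key] = recent + [now]
        if len(self.failures[key]) >= self.max_failures:
            self.log.append((now, key, "failed-login threshold reached"))
            if not self.log_only:
                self.locked[key] = now
                self.failures[key] = []
        return False
```

With the default IP-based mode, five failed logins by any user behind a shared address also reject a correct administrator login from that address until the lockout period ends, which is the situation the CAUTION describes.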
Multiple Administrators Support
SonicOS supports multiple concurrent administrators with full administrator privileges, read-only privileges,
and limited privileges. The original version of SonicOS allowed only a single administrator to log on to a
firewall with full administrative privileges. Additional users can be granted “limited administrator” access, but
only one administrator can have full access to modify all areas of the SonicOS GUI at one time.
SonicOS provides support for multiple concurrent administrators. This feature allows multiple users to
log in with full administrator privileges. In addition to using the default admin user name, additional
administrator user names can be created. Because of the potential for conflicts caused by multiple
administrators making configuration changes at the same time, only one administrator is allowed to make
configuration changes. The additional administrators are given full access to the GUI, but they cannot make
configuration changes.
Multiple Administrators Support provides the following benefits:
• Improved productivity: Allowing multiple administrators to access a firewall simultaneously
eliminates auto logout, a situation that occurs when two administrators require access to the
appliance at the same time and one is automatically forced out of the system.
SonicOS 7 Device Settings Administration Guide
System Administration
17