FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hhasny
Staff
Staff
Description

This article describes how to clear the disable admin lockout due to multiple login failures.

Scope

When an admin has been lockout due to multiple login failures, clear the lockout. 

Solution

It is possible to clear the lockout by re-configuring the lockout-duration value to a lower value and let time pass.

 

FGT# config system global
FGT(global) set admin-lockout-duration 600 <-----  Lockout is 600 secs and login disable.
FGT end

 

hhasny_0-1659326590215.pnghhasny_1-1659326605357.png

 

FGT# config system global
FGT(global) set admin-lockout-duration 5 <----- Change to lower value and let pass to clear.
FGT end

 

After the 5 seconds lockout duration, the disabled admin would have access again.

Re-configure the value back to the previous lockout-duration once the disabled admin is cleared.

 

hhasny_3-1659326667466.png

 

Note.

The lockout duration is based on IP address. The same admin user may still login from a different IP source.

 

hhasny_4-1659326739272.png

 

For admin best practice, refer the following document.

http://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/582009/system-administrat...

Contributors