FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hhasny
Staff
Article Id 219176
Description

This article describes how to clear an admin lockout caused by multiple login failures.

Scope

An admin has been locked out due to multiple login failures and the lockout needs to be cleared.

Solution

It is possible to clear the lockout by re-configuring admin-lockout-duration to a lower value and letting that time pass.

 

FGT # config system global
FGT (global) # set admin-lockout-duration 600 <----- Lockout is 600 seconds and login is disabled.
FGT (global) # end

 


 

FGT # config system global
FGT (global) # set admin-lockout-duration 5 <----- Change to a lower value and let it pass to clear the lockout.
FGT (global) # end

 

After the 5-second lockout duration has passed, the disabled admin has access again.

Re-configure the value back to the previous lockout duration once the disabled admin is cleared.
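
A check for the last step, confirming from a configuration backup that the temporary value was restored (an added example, not part of the original article or Fortinet tooling). The 600-second baseline is taken from the article's example value, and the sample backup text is constructed.

```python
import re

# Assumption: 600 s is the site baseline, taken from the article's example value.
BASELINE_SECONDS = 600

def lockout_duration(config_text):
    """Return the explicit admin-lockout-duration from 'config system global',
    or None when the backup does not set it (the firmware default then applies)."""
    stack = []  # open 'config ...' blocks, innermost last (handles nested blocks)
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line)
        elif line == "end":
            if stack:
                stack.pop()
        elif stack and stack[-1] == "config system global":
            m = re.fullmatch(r"set admin-lockout-duration (\d+)", line)
            if m:
                return int(m.group(1))
    return None

def audit(config_text, baseline=BASELINE_SECONDS):
    """Return (ok, message) for the lockout duration found in a config backup."""
    value = lockout_duration(config_text)
    if value is None:
        return True, "admin-lockout-duration not set explicitly; default applies"
    if value < baseline:
        return False, f"admin-lockout-duration is {value}s, below baseline {baseline}s"
    return True, f"admin-lockout-duration is {value}s"

# Constructed sample backup fragment: the temporary value was never reverted.
SAMPLE = """\
config system global
    set admin-lockout-duration 5
    set hostname "FGT"
end
config system interface
    edit "port1"
    next
end
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
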

 


 

Note:

The lockout duration is based on IP address. The same admin user may still log in from a different source IP.

 


 

For admin best practices, refer to the following document.

http://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/582009/system-administrat...
