Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
guptas
Staff
Staff

Created on ‎06-26-2023 12:11 AM Edited on ‎10-24-2025 05:44 AM By Community Manager

Article Id 261671

Technical Tip: How to change lockout period

Description

This article describes how to change the lockout period.
Scope FortiWeb.
Solution

By default, if an admin/non-admin account tries 3 attempts to log in with the wrong username/password, FortiWeb GUI/CLI locks out for 60 seconds.

 

lockout.jpg

 

It is possible to change the lockout period value and the number of valid attempts.

 

Log in to CLI and execute the command below:

 

config system global

    set admin-lockout-threshold 5 <----- Number of attempts.

    set admin-lockout-duration 80 <----- Duration for lockout.

end

 

admin lockin period.png

Note:

  • Unlocking a locked administrator account directly by another administrator is not supported.
  • Instead, the lockout will typically clear after the lockout duration passes or the device is rebooted.
  • The lockout is specific to each account name, not the IP address, and each administrator account has its own lockout settings.
  • The lockout is triggered by failed login attempts for that particular account, so managing lockout policies and waiting for the lockout duration are the primary ways to regain access.

Related documents:

admin-lockout-threshold - FortiWeb CLI reference

admin-lockout-duration - FortiWeb CLI reference
727
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.