How can one edit the time in the bad logon reset counter?

jefazo92 · ‎07-11-2024

Hi everyone,

By default Fortigate is set to have a maximum of 3 password attempts and a 60 second lockout. But I want to set the bad logon counter to 15 seconds so that after a user has typed in for the first or second time the wrong credentials (before reaching the password attempt threshold) and waits for 15 seconds, the number of wrongly typed passwords is reset back to 0 and he can retry again. What commands should I run to make this happen?

hbac · ‎07-11-2024

Hi @jefazo92,

Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-user-maximum-number-of-failed-logi...

Regards,

jefazo92 · ‎07-11-2024

Thank you @hbac but that is not what I am referring to. I already implemented those commands, but what I want is to change is the time one has to wait for the wrong password count to go back to 0 after, let's say, 15 seconds of no retry. This is independent from the lockout threshold and the lockout period

abarushka · ‎07-11-2024

Hello,

In case you are referring to administrator logging in, you may find useful the link below:

config system global
    set admin-lockout-threshold <failed_attempts>
    set admin-lockout-duration <seconds>
end

https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/631730/setting-the-administrator-passwo...

FortiGate

jefazo92 · ‎07-11-2024

Thank you @abarushka but it is not what I am looking for. Please refer to my post and my reply to hbac to understand better what I want to implement.

How can one edit the time in the bad logon reset counter?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website