Hi Fortigurus,
if an administrator has entered "Too many login failures. Please try again in a few minutes..." lockout state, using CLI command, how can I see which administrator is locked-out and what's the CLI command to unlock (before expiry)?
R's, Alex
emnoc wrote:
> what is your lock-out time? 1 2 3 mins or what?
Ideally, if ADMINISTRATOR can't authenticate, lockout is indefinite. Unlocked only by another administrator.
Alex,
Invalid SSL VPN logins are not the same as invalid admin logins (what your question was about). Not all situations which appear to be 'similar' need to be handled in a similar fashion in FortiOS.
SSLVPN is IMHO just a user login, and I would have expected to see violators in the quarantine. But the threshold is def. not set in 'admin-lockout-threshold'.
edit:
```
config vpn ssl settings
    set login-attempt-limit {integer}   SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit). range[0-4294967295]
    set login-block-time {integer}      Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60). range[0-4294967295]
```
and I would expect failed login IPs in User > Quarantine.
> Ideally, if ADMINISTRATOR can't authenticate, lockout is indefinite. Unlocked only by another administrator.

Not correct by any means. Also, when your address is locked out, you can use another address and the same admin account to log in. If what you stated was correct, a hacker could conduct a denial of service attack and lock out any "admin" account.
Btw, I never use the default "admin" for the system in a FortiGate.
Ken Felix
PCNSE
NSE
StrongSwan
7.2.6
```
diagnose user banned-ip [option]
    list      List banned IPs.
    add       Add banned IP address.
    delete    Delete banned IP address.
    clear     Clear all banned IP addresses.
    stat      stat
```
Hello @AlexFeren ,
Thank you for contacting the Fortinet Forum portal.
Please refer to below article
Best regards,
Manasa.
If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.