SonicOS 7.3 and SonicOS 8.0.3 introduce enhanced authentication security controls designed to protect firewall access and local user accounts. These include:
- Admin/user lockout is enabled by default, which mitigates brute-force login attempts.
- Enforce password complexity is set to Alphanumeric and symbolic by default, which ensures stronger credentials are used by local and admin users.
NOTE: There is no change in user behavior when upgrading from an earlier SonicOS version to 7.3 or 8.0.3. These features are not enabled by default, but we highly recommend enabling them to strengthen security.
Applies To:
- SonicWall Gen7 Firewalls running SonicOS 7.3 and SonicOS 8.0.3.
- Local Users and Admin Accounts (non-LDAP/RADIUS/SAML)
Key Enhancements in SonicOS 7.3 and SonicOS 8.0.3:
Admin/user lockout is enabled by default (Recommended).
- Temporarily block the source IP after N failed login attempts (configurable).
- Helps prevent unauthorized access via brute-force attacks.
- Lockout period and attempt threshold can be configured under Device|Settings|Administration.
Behavior When Enabled
- The firewall will temporarily block the source IP address from which the login attempts are made after the configured number of failed attempts (default is 3).
Enforce Password Complexity (Recommended)
- Enforces Alphanumeric and symbolic password policy
- Requirements include:
  - Minimum length of 8 characters
  - At least one uppercase letter
  - At least one lowercase letter
  - At least one number
  - At least one special character

NOTE: Only the following special characters are allowed: "!", "@", "#", "$", "%", "^", "&", "*", "(", and ")". Other special characters are treated as illegal characters and could generate errors.
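
The following Python check is an added example, not SonicWall code: it pre-validates passwords against the requirements and allowed-symbol list above before accounts are provisioned, so users are not forced into the password-change prompt at first login. The function names and sample accounts are constructed, and treating every character outside ASCII letters, digits and the ten listed symbols as illegal is an assumption.

```python
import string

# Policy values come from the article; all names here are hypothetical.
MIN_LENGTH = 8
ALLOWED_SPECIALS = set("!@#$%^&*()")
# Assumption: anything outside ASCII letters, digits and the listed symbols
# (spaces and non-ASCII letters included) is an "illegal character".
LEGAL_CHARS = set(string.ascii_letters + string.digits) | ALLOWED_SPECIALS


def check_password(password: str) -> list[str]:
    """Return the policy violations; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("no lowercase letter")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    if not any(c in ALLOWED_SPECIALS for c in password):
        problems.append("no special character")
    # A symbol such as '-' or '_' does not satisfy the special-character
    # rule and is rejected on its own account as well.
    illegal = sorted(set(password) - LEGAL_CHARS)
    if illegal:
        problems.append("illegal characters: " + " ".join(repr(c) for c in illegal))
    return problems


def audit(candidates: dict[str, str]) -> dict[str, list[str]]:
    """Map account name to violations; compliant accounts are omitted.
    The passwords themselves are never echoed back."""
    report = {}
    for account, password in candidates.items():
        problems = check_password(password)
        if problems:
            report[account] = problems
    return report


if __name__ == "__main__":
    # Constructed sample accounts, not real credentials.
    sample = {"netops": "Fw-Admin2024", "helpdesk": "Str0ng(Pass)", "guest": "abc"}
    for account, problems in audit(sample).items():
        print(f"{account}: {'; '.join(problems)}")
```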

Behavior When Enabled
Existing Local & Admin Users
- Upon next login, users are redirected to the Captive Portal and prompted to update their password to meet the new complexity requirements.
New Local Users
- When a new user is created, the firewall allows setting any password initially. However, during the first login, if the password does not meet the configured complexity requirements, the user will be redirected to the captive portal and required to update their password accordingly.
How to Enable These Features
- Log in to the SonicOS 7.3 or SonicOS 8.0.3 UI.
- Navigate to: Device|Settings|Administration|Login/Multiple Administrators.
- Enable:
  - Admin/user lockout
    - Failed login attempts before lockout: 3, every 1 minute; Lockout Period (mins): 5
  - Enforce password complexity
    - Configure:
      - At least one uppercase letter
      - At least one lowercase letter
      - At least one number
      - At least one special character
Best Practices
- Combine this with MFA (Multi-Factor Authentication) for all users.