How can I configure the SonicWall to lockout a user if the login credentials are incorrect?
05/21/2020 33 15111
How can I configure the SonicWall security appliance to lockout a user if the login credentials are incorrect?
You can configure the SonicWall security appliance to lockout an administrator or a user if the login credentials are incorrect. Navigate to MANAGE | Appliance | Base Settings and select the Enable Administrator/User Lockout checkbox to prevent users from attempting to log into the SonicWall security appliance without proper authentication credentials. Enter the number of failed attempts before the user is locked out in the Failed login attempts per minute before lockout field. Enter the length of time that must elapse before the user attempts to log into the SonicWall security appliance again in the Lockout Period (minutes) field.
CAUTION:If the administrator and a user are logging into the SonicWall security appliance using the same source IP address, the administrator is also locked out of the SonicWall security appliance. The lockout is based on the source IP address of the user or administrator.
On SonicOS 6.5.4.x onwards, we do not block the source IP, instead, it keeps giving the error as an incorrect username/password for failed login attempts. If you would like to block the IP address you can keep the option 'Enable local administrator/user account lockout (uncheck for login IP address lockout)' option unchecked.
Also, From SonicOS 6.5.4.x onwards, the lockout policy is extended for CLI users. You can apply the same lockout policy to block failed attempts from CLI. The number of attempts from CLI is also customizable using the option 'Max login attempts through CLI (same local administrator/user account lockout policy)'.