SonicOS 7.3 Users

Configuring Credential Auditor

To configure the Credential Auditor:

  1. Navigate to Device > Users > Settings > Credential Auditor.

  2. Turn on the Enable Credential Auditor toggle button.

  3. In the Periodic Checking section, set the Periodic Check Frequency.

    You can set the periodic check frequency in minutes, hours, or days. For example, if you set the periodic check frequency as 5 minutes, the system checks for compromised passwords every 5 minutes.

    During periodic checks, if a compromised password is detected, access to the appliance is restricted for local users and the built-in administrator. This restriction applies to web login, VPN client login, and CLI access via SSH. However, it does not block administrator access through the console port, nor does it block users who are authenticated via Single Sign-On (SSO).

  4. To restrict access to the appliance when a compromised password is detected during periodic checks:

    • For local users and For the built-in Admin, select one of the following actions from the drop-down menu:

      • Block remote access: The user is only allowed to log in from trusted locations. A user can restore remote access by resetting the password, but only if they can access a secure internal location. Otherwise, the user must contact a firewall administrator.

        The trusted locations include the LAN zone, the MGMT zone, and any other zones with security type 'Trusted', and remote locations connected through a site-to-site VPN tunnel including GMS.

      • Block remote access except GMS/NSM: The user is not allowed to log in from any location except GMS/NSM. To restore remote access, a user must contact a firewall administrator.

      • Block all but console access: The user is not allowed to log in from any location, apart from administrators on the console port. To restore remote access, a user must contact a firewall administrator.

      • Block all but console and GMS/NSM: The user is not allowed to log in from any location, apart from administrators on the console port and GMS/NSM. To restore remote access, a user must contact a firewall administrator.

    • For a LDAP bind password, select one of the following actions from the drop-down menu:

      • Only issue a warning: The user is notified about the compromised password, and no change is enforced.

      • Disable LDAP Server: All LDAP servers bound to the compromised account are disabled.

  5. In the Setting New Passwords section, to restrict the use of compromised passwords while setting new passwords, turn on the corresponding toggle button:

    • For local users

    • For the built-in Admin

    • For a LDAP bind password

  6. In the During Login section, to block externally authenticated users from signing in with a compromised password, turn on the Block login of externally authenticated users with a compromised password toggle button.

    This setting applies only to externally authenticated users, such as those authenticated via RADIUS, LDAP, and so on. To block a local user from signing in with a compromised password, you must enable periodic checking and select an action from the drop-down menu.

  7. Click Accept to save the settings.