Method used to change the maximum number of allowed login failures for the USG2000&5000 series

—For a VTY or console administrator, the maximum number of allowed authentication failures can be set in the lock authentication-count command. The default value is 3.
# Set the threshold for authentication attempts to 5 on the console port.
[sysname] user-interface console 0
[sysname-ui-console0] lock authentication-count 5

—For users who log in through Telnet, SSH, web UI, FTP, SFTP, or SNMP, run the firewall blacklist authentication-count login-failed command to set the threshold for authentication attempts.
By default, the value is 3 for Telnet, SSH, web, FTP, and SFTP users or 6 for SNMP users.
# Set the threshold for authentication attempts to 5 for administrators who log in through the web UI.
[sysname] firewall blacklist authentication-count login-failed 5

If the number of consecutive wrong passwords exceeds the specified threshold, the client IP address is blacklisted to prevent more login attempts.
By default, the blacklist entry will be time out in 10 minutes. That is, the user can try to log in again using the same IP address 10 minutes later.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat To Google
Scroll to top