Method used to change the maximum number of allowed login failures for the USG2000&5000 series

—For a VTY or console administrator, the maximum number of allowed authentication failures is set with the lock authentication-count command. The default value is 3.
# Set the threshold for authentication attempts to 5 on the console port.
<sysname> system-view
[sysname] user-interface console 0
[sysname-ui-console0] lock authentication-count 5

—For users who log in through Telnet, SSH, web UI, FTP, SFTP, or SNMP, run the firewall blacklist authentication-count login-failed command to set the threshold for authentication attempts.
By default, the value is 3 for Telnet, SSH, web, FTP, and SFTP users or 6 for SNMP users.
# Set the threshold for authentication attempts to 5 for administrators who log in through the web UI.
<sysname> system-view
[sysname] firewall blacklist authentication-count login-failed 5

If the number of consecutive wrong passwords exceeds the specified threshold, the client IP address is blacklisted to prevent more login attempts.
By default, the blacklist entry times out after 10 minutes. That is, the user can try to log in again from the same IP address 10 minutes later.
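
As an added example (not Huawei's own code), the following Python function audits a configuration dump for the two commands above and applies the defaults stated on this page when a command is absent. The sample configuration is constructed, it is assumed that commands appear in the configuration text as typed, and `max_allowed` is a hypothetical local policy limit.

```python
import re

# Defaults stated on the page: 3 for console/VTY lock and for
# Telnet/SSH/web/FTP/SFTP blacklisting, 6 for SNMP.
DEFAULT_LOCK = 3
DEFAULT_BLACKLIST = {"telnet/ssh/web/ftp/sftp": 3, "snmp": 6}

# Constructed sample configuration (assumed layout: commands appear as typed,
# with user-interface sub-commands indented by one space).
SAMPLE_CONFIG = """\
firewall blacklist authentication-count login-failed 5
user-interface console 0
 lock authentication-count 5
user-interface vty 0 4
 idle-timeout 10
"""

def audit_login_thresholds(config_text, max_allowed=5):
    """Return (effective thresholds, findings) for a configuration dump."""
    effective = {}
    current_ui = None   # user-interface view we are currently inside
    blacklist = None    # explicit blacklist threshold, if configured
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"user-interface (.+)", line)
        if m and not raw.startswith(" "):
            current_ui = m.group(1)
            effective[f"user-interface {current_ui}"] = DEFAULT_LOCK
            continue
        if raw and not raw.startswith(" "):
            current_ui = None  # a new top-level command ends the view
        m = re.fullmatch(r"lock authentication-count (\d+)", line)
        if m and current_ui:
            effective[f"user-interface {current_ui}"] = int(m.group(1))
        m = re.fullmatch(
            r"firewall blacklist authentication-count login-failed (\d+)", line)
        if m:
            blacklist = int(m.group(1))
    # One command sets the threshold for all remote login types; only the
    # defaults differ (SNMP defaults to 6).
    for kind, default in DEFAULT_BLACKLIST.items():
        effective[f"blacklist ({kind})"] = default if blacklist is None else blacklist
    findings = [f"{name}: {value} exceeds policy limit {max_allowed}"
                for name, value in effective.items() if value > max_allowed]
    return effective, findings
```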

Other related questions:
Method used to change the maximum number of allowed login failures for the USG6000 series
—For a VTY or console administrator, the maximum number of allowed authentication failures is set with the lock authentication-count command. The default value is 3.
# Set the threshold for authentication attempts to 5 on the console port.
<sysname> system-view
[sysname] user-interface console 0
[sysname-ui-console0] lock authentication-count 5

—For users who log in through Telnet, SSH, web UI, FTP, SFTP, or SNMP, run the firewall blacklist authentication-count login-failed command to set the threshold for authentication attempts.
By default, the value is 3 for Telnet, SSH, web, FTP, and SFTP users or 6 for SNMP users.
# Set the threshold for authentication attempts to 5 for administrators who log in through the web UI.
<sysname> system-view
[sysname] firewall blacklist authentication-count login-failed 5

If the number of consecutive wrong passwords exceeds the specified threshold, the client IP address is blacklisted to prevent more login attempts.
By default, the blacklist entry times out after 10 minutes. That is, the user can try to log in again from the same IP address 10 minutes later.

Login method of the USG2000&5000 series
The USG2000&5000 series supports login through the console port, web UI, Telnet, and SSH.

Method used to cancel the password change prompt for the USG2000&5000 series
For the USG2000&5000 series, you can run the undo local-user password-modify enable command to cancel the password change prompt.
After the password change function is enabled, local users who have logged in through Telnet, SSH, web UI, or console port can change their password in the following situations:
- Upon the first login, the system forces you to change the password.
- When the user password expires, the system displays a message, asking you to change the password.
- Run the local-user password valid-days command to change the validity period of the password.
The password change function is disabled by default.
