search cancel

Modify Local User Password Policy on ProxySG

book

Article ID: 175972

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

You would like to manage the local user password policy on the ProxySG appliance. This article covers setting the maximum failed attempts, lockout duration, reset interval and how to disable these settings.

Resolution

Change the Lockout parameters:

  1.  Max failed attempts
    #(config) security local-user-list edit <user-list-name>
    #(config local-user-list <user-list-name>) max-failed-attempts <attempts>
  2. Lockout duration
    #(config) security local-user-list edit <user-list-name>
    #(config local-user-list <user-list-name>) lockout-duration <seconds>
  3. Reset interval
    #(config) security local-user-list edit <user-list-name>
    #(config local-user-list <user-list-name>) reset-interval <seconds>
  4. Disable the settings
    #(config) security local-user-list edit <user-list-name>
    #(config local-user-list <user-list-name>) no [lockout-duration | max-failed-attempts | reset-interval]


Example:

  1. Max failed attempts - The number of failed attempts to login to an ProxySG appliance before the user account is locked. The default is 60 attempts.
    #(config) security local-user-list edit mylocaldb
    #(config local-user-list mylocaldb) max-failed-attempts 60
  2. Lockout duration - The length of time a user account is locked out after too many failed password attempts. The default is 3600.
    #(config) security local-user-list edit mylocaldb
    #(config local-user-list mylocaldb) lockout-duration 3600
  3. Reset interval - The length of seconds to wait after the last failed attempt before resetting the failed counter to zero.
    #(config) security local-user-list edit mylocaldb
    #(config local-user-list mylocaldb) reset-interval 10
  4. Disable the settings - Disables the settings for this user list.
    #(config) security local-user-list edit mylocaldb
    #(config local-user-list mylocaldb) no [lockout-duration | max-failed-attempts | reset-interval]