FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nithincs
Staff
Article Id 197427
Description
This article describes how to set the maximum number of failed firewall authentication attempts a user is allowed before a lockout is triggered, and how to set the lockout period for user authentication.

Solution
When a user logs in through the captive portal, the maximum number of failed authentication attempts can be configured, and the user account can be locked for a set period once that number is reached. Both settings are global and live under 'config user setting':
# config user setting
    set auth-lockout-threshold x <----- Max number of failed login attempts (range[1-10]).
    set auth-lockout-duration yy <----- Lockout period in seconds (range[0-4294967295]).
end
For example, the FortiGate is configured with a local user 'test' as a member of the group 'test_grp', and the 'mgmt' interface is set to security-mode captive-portal with 'test_grp' as its security group:
# config user group
    edit "test_grp"
        set member "test"
    next
end

# config system interface
    edit "mgmt"
        set security-mode captive-portal
        set security-exempt-list "mgmt-exempt-list"
        set security-groups "test_grp"
        set device-identification enable
        set role lan
        set snmp-index 2
    next
end
The maximum number of failed authentication attempts ('auth-lockout-threshold') is set to 2 and 'auth-lockout-duration' to 100 seconds:
# config user setting
    set auth-lockout-threshold 2
    set auth-lockout-duration 100
end
After the user enters wrong credentials twice, the 'test' account is locked for 100 seconds, and the third attempt is rejected by the captive portal with a lockout message. Note that a low threshold also makes it easy for anyone who knows a username to lock that user out by deliberately failing authentication, so choose the threshold and duration with that in mind.

Both the failed authentication attempts and the resulting lockout are recorded in the FortiGate user event logs, which can be used to confirm the setting is working and to spot repeated failures against a single account.
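The following is an added example and not part of the original article or Fortinet's own tooling. It replays FortiGate-style key="value" user event log lines with the threshold and duration from the example above (2 attempts, 100 seconds), reports which users hit the lockout threshold, and counts further attempts made while the lockout was in effect (a sign of someone hammering a known username). The log lines are constructed for illustration; the field names follow the usual FortiGate key="value" layout, but the exact messages are assumptions, and the lockout model (consecutive failures count toward the threshold, a success or the expiry of the window resets the counter) is an assumption about FortiGate's behaviour rather than something the article states.

```python
"""Replay FortiGate-style user event logs against auth-lockout settings.

Added example, not code from the Fortinet article. Field names and messages
in SAMPLE_LOGS are constructed; the lockout model is an assumption.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

AUTH_LOCKOUT_THRESHOLD = 2    # matches 'set auth-lockout-threshold 2'
AUTH_LOCKOUT_DURATION = 100   # matches 'set auth-lockout-duration 100' (seconds)

# Constructed sample log lines: user 'test' fails twice, then tries again
# while locked out; user 'alice' fails once and then succeeds.
SAMPLE_LOGS = """\
date=2023-05-10 time=10:00:01 type="event" subtype="user" user="test" srcip=10.0.0.5 action="authentication" status="failure" msg="Authentication failure"
date=2023-05-10 time=10:00:07 type="event" subtype="user" user="test" srcip=10.0.0.5 action="authentication" status="failure" msg="Authentication failure"
date=2023-05-10 time=10:00:20 type="event" subtype="user" user="test" srcip=10.0.0.5 action="authentication" status="failure" msg="User is locked out"
date=2023-05-10 time=10:00:30 type="event" subtype="user" user="alice" srcip=10.0.0.6 action="authentication" status="failure" msg="Authentication failure"
date=2023-05-10 time=10:00:45 type="event" subtype="user" user="alice" srcip=10.0.0.6 action="authentication" status="success" msg="Authentication success"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict with quotes stripped."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def parse_logs(text):
    """Parse all non-empty lines of a log dump."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def find_lockouts(records, threshold=AUTH_LOCKOUT_THRESHOLD,
                  duration=AUTH_LOCKOUT_DURATION):
    """Replay authentication events per user.

    Returns {user: {"locked_at": datetime, "attempts_while_locked": int}}
    for every user that reached the threshold. Assumed model: consecutive
    failures count toward the threshold; reaching it locks the user for
    `duration` seconds; a success or the expiry of the window resets it.
    """
    failures = defaultdict(int)
    locked_until = {}
    result = {}
    for r in records:
        if r.get("action") != "authentication":
            continue
        user = r["user"]
        ts = datetime.strptime(f"{r['date']} {r['time']}", "%Y-%m-%d %H:%M:%S")
        # Lockout window has expired: clear the user's state.
        if user in locked_until and ts >= locked_until[user]:
            del locked_until[user]
            failures[user] = 0
        if user in locked_until:
            # Attempt during an active lockout: count it, it never succeeds.
            result[user]["attempts_while_locked"] += 1
            continue
        if r.get("status") == "success":
            failures[user] = 0
            continue
        failures[user] += 1
        if failures[user] >= threshold:
            locked_until[user] = ts + timedelta(seconds=duration)
            result[user] = {"locked_at": ts, "attempts_while_locked": 0}
    return result


if __name__ == "__main__":
    for user, info in find_lockouts(parse_logs(SAMPLE_LOGS)).items():
        print(f"{user}: locked at {info['locked_at']:%H:%M:%S}, "
              f"{info['attempts_while_locked']} attempt(s) while locked")
```

Feed it a real log export (for example, the output of a user event log download) in place of SAMPLE_LOGS, and adjust the threshold and duration to whatever 'config user setting' holds on the unit; the replay then shows which accounts were locked and how many times they were hit during the lockout window.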