|
CHAPTER 2: Administration Mode Commands28 WatchGuard Vclass 5.1account commandWG#adminWG(admin)#account-login_limit-login_limit <0-10>-status-unlock |all-allEffectAllows you to view, set, and clear failed login attempt lim-its. Login limits provide a further level of security, andeliminate susceptibility to a “brute force” password hacks.The account management feature is available in all threeoperation modes (normal, FIPS, and CC).The CLI allows only the root superadmin “admin” to login, while rejecting all other accounts, including user-defined superamin accounts. If you set the login_limitfeature on the root superadmin user, it is possible for thesuperadmin to be locked out of the system.To work around this possible problem:1 Create another superadmin account in addition to theroot superadmin “admin” account, using Vcontroller,before you set the login_limit for the rootsuperadmin account.If the root superadmin “admin” is locked out because ofexceeded login failures, you can use this separate, non-root-levelsuperadmin account to login to Vcontroller with fulladministration privileges.2 In a text editor, create and save an ASCII text file withthe following two lines:adminaccount -unlock admin3 In Vcontroller, click Diagnostics/CLI and select the CLItab.This feature allows you to select a text file that contains CLIcommands.
PreviousNext |