Are there retry limits on SSLVPN login attempts?

Answers

• SYSADMIN Newbie ✭

  September 2023

  great! Are failed attempts logged?

  0
• SYSADMIN Newbie ✭

  September 2023

  Thanks, that will help. Is there a document/page that describes these settings in more detail so I don't have to post findable answers to the Community? For example I'd like to find out more about "User Account lockout" versus "User is now locked out" ... for how long they are locked out, temporary/permanent lockout, when/how unlocked - manual/auto, etc. Likewise info for some of the other log settings.

  0
• AZSNWL Newbie ✭

  September 2023

  Your SSLVPN users may adopt some password restrictions depending on how you authenticate the users. An example would be Active Directory. If your policy says to lock the account after 4 failed attempts, the 5 default attempts don't really come into play.

  Are the any limits in the TZ400 on how many times this login can be tried and failed? - No a bot/hacker can do this all day. If you have proper security, the account should lock until addressed by an administrator.

  what are the counter measures? - a good security posture that monitors logs and responds when accounts are being attacked. SSO, two factor authentication.

  Is the attempting IP blocked for some period of time? - This does not happen. If the account gets locked, it will only be unlocked based on the configuration you have in place. (administration page, GPO, etc)

  Are failed attempts logged? Yes. You should see this in the Logs and maybe on your servers as well.

  Also, note that the root admin accounts settings can differ for "user" account settings, either local database, AD, Radius etc.

  
  

  Hope some of this was helpful to someone. ;-)

  0