Fortinet black logo

Administration Guide

Lockouts

Lockouts

For various security reasons, you may want to lock a user’s account. For example, repeated unsuccessful attempts to log in might indicate an attempt at unauthorized access.

Information on locked-out users can be viewed in the Top User Lockouts widget, see Top user lockouts widget.

Currently locked-out users can be viewed in Monitor > Authentication > Locked-out Users.

To configure the user lockout policy:
  1. Go to Authentication > User Account Policies > Lockouts.
  2. Configure the following settings, then select OK to apply any changes:
    Enable user account lockout policyEnable user account lockout for failed login attempts and enter the maximum number of allowed failed attempts in the Maximum failed login attempts field.
    Specify lockout period

    Enable to specify the length of the lockout period, from 60 to 86400 seconds (or one minute to one day). After the lockout period expires, the Maximum failed login attempts number applies again.

    When disabled, locked out users are permanently disabled until an administrator manually re-enables them.

    Enable inactive user lockout

    Select to enable disabling a local user account if there is no login activity for a given number of days. Inactive user lockout applies to local users only. In the Lock out inactive users after field, enter the number of days, from 1 to 1825 (or one day to five years), after which a local user is locked out.

Lockouts

For various security reasons, you may want to lock a user’s account. For example, repeated unsuccessful attempts to log in might indicate an attempt at unauthorized access.

Information on locked-out users can be viewed in the Top User Lockouts widget, see Top user lockouts widget.

Currently locked-out users can be viewed in Monitor > Authentication > Locked-out Users.

To configure the user lockout policy:
  1. Go to Authentication > User Account Policies > Lockouts.
  2. Configure the following settings, then select OK to apply any changes:
    Enable user account lockout policyEnable user account lockout for failed login attempts and enter the maximum number of allowed failed attempts in the Maximum failed login attempts field.
    Specify lockout period

    Enable to specify the length of the lockout period, from 60 to 86400 seconds (or one minute to one day). After the lockout period expires, the Maximum failed login attempts number applies again.

    When disabled, locked out users are permanently disabled until an administrator manually re-enables them.

    Enable inactive user lockout

    Select to enable disabling a local user account if there is no login activity for a given number of days. Inactive user lockout applies to local users only. In the Lock out inactive users after field, enter the number of days, from 1 to 1825 (or one day to five years), after which a local user is locked out.