topic Re: Remote VPN User account lock after failed authentication threshold in SASE and Remote Access

Remote VPN User account lock after failed authentication threshold

Pedro_Madeira — Mon, 25 Jun 2018 14:31:26 GMT

Hello everyone.

Is it possible to lock remote access user accounts after they fail to authenticate a number of times?

In the particular scenario I'm running, the users are local to the user center and not located on a centralized remote directory.

I'm surely missing something because I searched both R77.30 and R80.10 consoles to no avail and also searched KB and Check Mates but wasn't lucky.

Many thanks in advance.

Re: Remote VPN User account lock after failed authentication threshold

PhoneBoy — Tue, 26 Jun 2018 00:18:46 GMT

This is not supported using Internal Password.

However, you can use OS Password and create the users in Gaia as described here:

Supporting more Complex Passwords without using a RADIUS/TACACS+ Server‌

Then you can leverage the feature in Gaia OS to lock out after failed login attempts.

Re: Remote VPN User account lock after failed authentication threshold

Pedro_Madeira — Tue, 26 Jun 2018 10:13:24 GMT

Hello Dameon,

First of all let me say that I'm honored for a legend like you to be replying to me Been following your work and information share for years.

Thank you very much for your answer. It definitely clears any doubt regarding what I was searching. I will try to convince my customer to move all local authentication to a central repository like an MSAD for example to achieve the goal they're looking for.

Best regards from Portugal,

Pedro Madeira

Re: Remote VPN User account lock after failed authentication threshold

PhoneBoy — Tue, 26 Jun 2018 14:53:40 GMT

It's always better to use a central authentication store where possible.