This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pedro_Madeira
Collaborator
‎2018-06-25 07:31 AM
Jump to solution

Remote VPN User account lock after failed authentication threshold

Hello everyone.

Is it possible to lock remote access user accounts after they fail to authenticate a number of times?

In the particular scenario I'm running, the users are local to the user center and not located on a centralized remote directory.

I'm surely missing something because I searched both R77.30 and R80.10 consoles to no avail and also searched KB and Check Mates but wasn't lucky.

Many thanks in advance.

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2018-06-25 05:18 PM
Jump to solution

This is not supported using Internal Password.

However, you can use OS Password and create the users in Gaia as described here:

Supporting more Complex Passwords without using a RADIUS/TACACS+ Server

Then you can leverage the feature in Gaia OS to lock out after failed login attempts.

View solution in original post

3 Replies
PhoneBoy
Admin
Admin
‎2018-06-25 05:18 PM
Jump to solution

This is not supported using Internal Password.

However, you can use OS Password and create the users in Gaia as described here:

Supporting more Complex Passwords without using a RADIUS/TACACS+ Server

Then you can leverage the feature in Gaia OS to lock out after failed login attempts.

Pedro_Madeira
Collaborator
‎2018-06-26 03:13 AM
In response to PhoneBoy
Jump to solution

Hello  Dameon,

First of all let me say that I'm honored for a legend like you to be replying to me Smiley Happy Been following your work and information share for years.

Thank you very much for your answer. It definitely clears any doubt regarding what I was searching. I will try to convince my customer to move all local authentication to a central repository like an MSAD for example to achieve the goal they're looking for.

Best regards from Portugal,

Pedro Madeira

0 Kudos
PhoneBoy
Admin
Admin
‎2018-06-26 07:53 AM
In response to Pedro_Madeira
Jump to solution

Smiley Happy

It's always better to use a central authentication store where possible.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top