Q: Firewall how to modify terminal user authentication times and the join blacklist time when authentication failed?
A: for Telnet users, in the “user-interface” view, use “lock authentication-count” command modify the authentication frequency (the default value is 3 times, range 1-12), use “lock lock-timeout” command modify the join blacklist timeout time when authentication failed (the default value is 10 minutes, range 1-1500).
For SSH users, in system view, using “SSH server authentication-retries” command modify the authentication number (the default value is 3 times, range 1-5), the jion blacklist time cannot be modified, it is 10 minutes. Specific as follows:
[USG2100]user-interface vty 0 4
[USG2100-ui-vty0-4]lock authentication-count ?
INTEGER<1-12> Authentication Count , default is 3
[USG2100-ui-vty0-4]lock lock-timeout ?
INTEGER<1-1500> Value of time (in minutes) , default is 10
[USG2100]ssh server authentication-retries ?
INTEGER<1-5> Set the authentication times, the default value is 3 times
Add blacklist authentication frequency configuration command in system view (default values is 3 times, range 1-5), specific as follows:
[USG2100]firewall blacklist authentication-count login-failed ?
INTEGER<1-5> authenticaton times,default value is 3
When configured the blacklist’s authentication failure frequency both in the user-interface view and the system view at the same time, the priority of configuration in user interface view (user-interface) is higher than in system view.